Ransomware Group ‘Cactus’ Lists Four Companies on Data Leakage Site

The notorious ransomware group ‘Cactus’ made headlines again today after listing four more companies on their Data Leakage site. The compromised entities are Lagarde Meregnani, Barsco, Foroni SPA, and Hornsyld Købmandsgaard, all added on 05/09/2023.

The new listings indicate that the group has potentially gained unauthorized access to these companies’ data and might be threatening to release it unless a ransom is paid.

Historically, ‘Cactus’ has been responsible for leaking the data of organizations that fail to meet their payment demands, leading to significant operational, financial, and reputational damage.

The Cactus Ransomware website

The Cactus Ransomware group operates a blog that is accessible via the TOR network. They are currently operating on cactusbloguuodvqjmnzlwetjlpj6aggc6iocwhuupb47laukux7ckid.onion.

TTPs of Cactus Ransomware

After infiltrating the network, the malicious actor set up a scheduled task to maintain consistent access. This was achieved through an SSH backdoor, which was accessible from their command and control (C2) server.
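One way to hunt for the persistence described above is to review scheduled-task definitions for actions that launch an SSH binary. The following is an added example, not code from the original article; it assumes Windows hosts and Task Scheduler XML exports, and the sample tasks, paths and binary watchlist are constructed for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumed watchlist of SSH client/server binaries; tune it for your environment.
SSH_BINARIES = {"ssh.exe", "sshd.exe", "plink.exe"}

# Constructed sample task definitions (not taken from any real incident).
SAMPLE_TASKS = {
    "Updater Check": """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId></Principal></Principals>
  <Actions><Exec>
    <Command>C:\\ProgramData\\ssh\\sshd.exe</Command>
    <Arguments>-f C:\\ProgramData\\ssh\\sshd_config</Arguments>
  </Exec></Actions>
</Task>""",
    "Nightly Backup": """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions><Exec><Command>C:\\Tools\\backup.cmd</Command></Exec></Actions>
</Task>""",
}

def ssh_actions(task_xml):
    """Return (command, arguments, user) for each Exec action that starts an SSH binary."""
    root = ET.fromstring(task_xml)
    user = root.findtext("t:Principals/t:Principal/t:UserId", default="", namespaces=NS)
    hits = []
    for exec_node in root.findall("t:Actions/t:Exec", NS):
        command = exec_node.findtext("t:Command", default="", namespaces=NS).strip().strip('"')
        arguments = exec_node.findtext("t:Arguments", default="", namespaces=NS).strip()
        if ntpath.basename(command).lower() in SSH_BINARIES:
            hits.append((command, arguments, user))
    return hits

def scan(tasks):
    """Map task name -> SSH-launching actions; tasks without hits are omitted."""
    findings = {}
    for name, xml_text in tasks.items():
        try:
            hits = ssh_actions(xml_text)
        except ET.ParseError:
            hits = [("<unparseable task XML>", "", "")]  # surface for manual review
        if hits:
            findings[name] = hits
    return findings

if __name__ == "__main__":
    for name, hits in scan(SAMPLE_TASKS).items():
        for command, arguments, user in hits:
            print(f"[!] {name}: {command} {arguments} (runs as {user or 'unknown'})")
```

A hit is a lead for review rather than proof of compromise, since administrators also schedule legitimate SSH jobs.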

Reza Rafati https://cyberwarzone.com

Reza Rafati, based in the Netherlands, is the founder of Cyberwarzone.com. An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolstering digital defenses and promoting cyber awareness.
