
Cactus Ransomware: The Evolving Cyber Threat of 2025 with Sharp Tactics

by Dr. Sanjeev Kumar, 2025/05/13

Too Long; Didn't Read

Cactus ransomware is a leading cyber threat in 2025, combining phishing, legitimate software, and double extortion tactics. Cactus ransomware breaks into networks through social engineering and custom malware, evades detection, and encrypts data after exfiltrating it to use publication as leverage. Resilience requires multiple backups, threat monitoring, and rapid response strategies.


Ransomware is a cyber attack designed to encrypt a computer's file systems, after which the cybercriminals demand a ransom in exchange for the decryption key.


However, paying the ransom to cybercriminals has never been sound practice. Earlier generations of CISOs and CIOs faced ransomware incidents of a simpler kind, and the traditional file-encryption tools used in those incidents have since been replaced. Today's cybercriminals are skilled, well-led operators who use sophisticated and complex methods, organized into criminal societies that run their operations like businesses.


Cactus ransomware is a prominent cyber attack. Soon after it was first observed, Cactus ransomware became known worldwide and made a global impact as a cyber security concern. It spread rapidly and quickly established itself in the cybercrime ecosystem.


Several notable facts about Black Basta ransomware are listed below:


  • In 2023, US $107 million was extorted from businesses, and Black Basta was the group responsible.
  • North America alone accounted for the majority of its incidents, followed by Europe at 18%.
  • Black Basta ransomware concentrated heavily on the manufacturing, construction, and production sectors. It was behind 28 of the 373 ransomware incidents recorded in April 2024.
  • A joint cybersecurity advisory issued by the United States FBI, CISA, HHS, and MS-ISAC reported that, as of November 2024, Black Basta ransomware had hit 12 of the 16 critical infrastructure sectors.
  • Kaspersky's Threat Report found that Black Basta ransomware was among the 12 most active ransomware families in 2023, and it remained active into Q1 2024.


The defining feature of Cactus ransomware is double extortion. The threat actor does not guarantee a decryption key even after the ransom payment is made, and the stolen data is published on the internet. The threat actor behind Cactus ransomware has not been identified; security experts suggest it originates from a Malaysian hacktivist group.

A Look at the Cactus Attack Chains

Cactus ransomware is not a run-of-the-mill cyber threat; it is highly sophisticated. The threat group behind Cactus ransomware attacks runs a multi-stage attack process that combines social engineering (such as fake Microsoft Teams messages), remote access tools, and custom-built malware implants to keep a foothold in the system and stay under the radar.


Once inside the network, the threat actors do not simply encrypt files. They move through the network, escalate privileges, and bide their time, all while preparing the final blow: encryption and extortion. Even after the encryption is complete, as in earlier campaigns, they send ransom notes by e-mail, demonstrating that they retain access and control from start to finish.


As an initial step, ransomware threat actors commonly exploit widely used, exposed services such as VPNs, remote desktop protocols, or web applications to gain initial access to the victim's network. Attackers may also use phishing e-mails or compromised websites to deliver malicious payloads. These e-mails carry attachments or links that, when opened, execute the ransomware.


Black Basta Ransomware Infection Lifecycle; Source: https://www.tatacommunications.com/knowledge-base/guide-to-black-basta-ransomware/


In the Establishing Persistence phase, once inside, attackers deploy freely available tools or custom implants such as Remote Access Trojans. These tools provide continuous access and help evade detection. Attackers then harvest credentials from the compromised system (through memory dumps or web browser credential stores) to escalate privileges and spread across the network.

After gaining access to one machine, the attackers use network tools to discover other connected devices on the network in preparation for lateral movement. Host discovery lets them move laterally through the environment and locate additional high-value assets. With credentials in hand, the ransomware can spread through the network over SMB, RDP, or by exploiting weaker protocols.

Data Exfiltration (Double Extortion)

Before encrypting files, ransomware variants exfiltrate sensitive or valuable data to external locations (cloud storage, command-and-control servers). Ransomware attacks are paired with double extortion, in which the cybercriminals apply additional pressure on the victim to pay the ransom amount; otherwise, the stolen data is published on leak forums or the dark web.

According to the ISA Global Cybersecurity Alliance (ISAGCA), new threat actors keep adopting new attack methods across the cyber security threat landscape, and double extortion ransomware has been one of the most widespread approaches to emerge since 2020.


Files are encrypted with strong encryption algorithms and given a unique file extension, making them unrecoverable without the decryption key. Some ransomware variants use special techniques such as file fragmentation or buffer encryption to speed up the encryption process, which makes it harder to detect. The ransom note (usually a text or HTML file) is dropped on the affected system, demanding payment in cryptocurrency to decrypt the files. The note typically includes threats to leak the stolen database or expose it publicly unless the ransom is paid.


Ransomware commonly uses techniques such as code obfuscation or packing (e.g., UPX or custom packers) to evade detection by security tools. Some ransomware is designed to detect whether it is running in a sandbox environment, which security tools use to analyze malware. If it detects a sandbox, it may delay or abort execution.


Security analysts can look for unusual, unique file extensions or file renaming patterns that may indicate encryption activity. Likewise, monitoring network traffic for exfiltration or for communication with known-malicious IPs can reveal ransomware activity. Monitoring unusual command executions, particularly those associated with credential dumping, lateral movement tools, or remote access tools, can be a key indicator. The creation of ransom notes in directories or the appearance of files with unusual extensions is
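A toy host-level detector for two of the indicators the paragraph above describes (a burst of renames to one unknown extension by a single process, and the drop of a text/HTML file named like a ransom note), as an added example that is not the article's code. The file-activity log, the `.lockedx` extension, the note filename, the keyword list, the window and the threshold are all constructed assumptions, not real Cactus indicators.

```python
"""Toy host-level detector for the ransomware indicators the paragraph above describes.
Added example, not the article's code; the log, extension, note name and thresholds
are constructed assumptions, not real Cactus indicators."""
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath
import re

# Constructed sample events: "<timestamp> <host> <pid> <ACTION> <path>[-><new path>]"
SAMPLE_EVENTS = r"""
2025-05-13T09:00:01 ws01 4120 RENAME C:\Users\a\Docs\q1.xlsx->C:\Users\a\Docs\q1.xlsx.lockedx
2025-05-13T09:00:01 ws01 4120 RENAME C:\Users\a\Docs\q2.xlsx->C:\Users\a\Docs\q2.xlsx.lockedx
2025-05-13T09:00:02 ws01 4120 RENAME C:\Users\a\Docs\q3.pdf->C:\Users\a\Docs\q3.pdf.lockedx
2025-05-13T09:00:02 ws01 4120 RENAME C:\Users\a\Docs\q4.docx->C:\Users\a\Docs\q4.docx.lockedx
2025-05-13T09:00:03 ws01 4120 RENAME C:\Users\a\Docs\q5.jpg->C:\Users\a\Docs\q5.jpg.lockedx
2025-05-13T09:00:04 ws01 4120 CREATE C:\Users\a\Docs\README_TO_RESTORE.txt
2025-05-13T09:30:00 ws02 2210 RENAME C:\Users\b\draft.docx->C:\Users\b\draft_v2.docx
2025-05-13T09:31:00 ws02 2210 CREATE C:\Users\b\meeting_notes.txt
"""

KNOWN_EXTS = {".xlsx", ".docx", ".pdf", ".txt", ".html", ".jpg"}  # assumed benign extensions
NOTE_WORDS = re.compile(r"readme|restore|decrypt|recover|how_to", re.I)  # assumed note keywords
WINDOW = timedelta(seconds=60)  # renames are counted inside this sliding window
THRESHOLD = 5                   # renames to one new extension that trigger an alert

def parse(line):
    ts, host, pid, action, rest = line.split(" ", 4)
    src, _, dst = rest.partition("->")  # dst is empty for non-rename events
    return {"ts": datetime.fromisoformat(ts), "host": host, "pid": int(pid),
            "action": action, "src": src, "dst": dst}

def detect(log_text):
    """Return (indicator, host, pid, detail) tuples in the order they fire."""
    alerts = []
    recent = defaultdict(list)  # (host, pid, ext) -> timestamps of recent renames
    for ev in (parse(l) for l in log_text.strip().splitlines()):
        if ev["action"] == "RENAME":
            ext = ntpath.splitext(ev["dst"])[1].lower()
            if ext and ext not in KNOWN_EXTS:  # only extensions we have never seen
                key = (ev["host"], ev["pid"], ext)
                recent[key] = [t for t in recent[key] if ev["ts"] - t <= WINDOW] + [ev["ts"]]
                if len(recent[key]) == THRESHOLD:  # fire once when the burst crosses the line
                    alerts.append(("mass_rename", ev["host"], ev["pid"], ext))
        elif ev["action"] == "CREATE":
            name = ntpath.basename(ev["src"])
            if name.lower().endswith((".txt", ".html")) and NOTE_WORDS.search(name):
                alerts.append(("ransom_note", ev["host"], ev["pid"], name))
    return alerts
```

The benign rename and note-free file on `ws02` produce no alert, which is the false-positive case a production rule must keep handling; in practice the known-extension set and keyword list would come from the environment's own baseline.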


Cactus's Tactics, Techniques, and Procedures (TTPs)

The group's operations map to several well-known techniques in the MITRE ATT&CK framework. Here is a summarized breakdown:


  • Initial Access: Phishing (T1566.003), abuse of trusted relationships (T1199)
  • Execution: User execution of malicious files (.bpx archives) (T1204.002)
  • Persistence: Registry Run keys (T1547.001)
  • Privilege Escalation: DLL sideloading (T1574.001)
  • Defense Evasion: File masquerading (T1036.005), disabling firewalls (T1562.004)
  • Lateral Movement: WinRM and SMB (T1021.002, T1021.006)
  • Command & Control: Encrypted channels and BackConnect implants (T1071.001, T1571)
  • Exfiltration: File transfer with WinSCP (T1105)
  • Impact: File encryption (T1486), ransom notes and threats


Final Thoughts

To mitigate and respond to Cactus ransomware attacks, once a Cactus incident is confirmed, isolating the affected machines from the network is essential to stop further spread. Maintaining good, multiple, up-to-date backups is critical for recovery. Restoring from backups allows systems to be rebuilt without paying the ransom. After the attack, conducting forensic analysis helps identify the attack vector, the affected systems, and the scope of data exfiltration. Lessons learned should be shared, illustrate the many variants, and


Success in ransomware defense does not come from deploying many disparate tools; it depends largely on using the right tools effectively as part of the overall security strategy.


About Author

Dr. Sanjeev Kumar
Scientist | Cybersecurity researcher with 18+ years of experience in cybersecurity, network and system security, AI in cybersecurity, penetration testing
