The CACTUS ransomware is said to have emerged around March 2023. The group became known for exploiting vulnerabilities to gain initial access and to maintain a presence within the victim organization's infrastructure. Little else is known about the group beyond that emergence date and its post-encryption behaviour: a ransom note named 'cAcTuS.readme.txt' is dropped, encrypted files are renamed with the '.cts1' extension, and data exfiltration and victim extortion are conducted through the Tox messaging service. Source: [link omitted]
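As an added defensive example (not code from the tracker page or from any vendor), the two host-level indicators named above, the 'cAcTuS.readme.txt' note and the '.cts1' extension, can be turned into a simple triage scan over a file listing. The sample paths are constructed for the example; the scan reports which directories already contain a note and how many renamed files sit in each, which is the first thing a responder wants from a file share after an incident.

```python
import os
from typing import Iterable

# Indicators stated on the page: the ransom note name and the extension
# appended to encrypted files.
NOTE_NAME = "cAcTuS.readme.txt"
ENCRYPTED_EXT = ".cts1"


def scan_paths(paths: Iterable[str]) -> dict:
    """Classify file paths by the two indicators above.

    Returns the matching paths plus a per-directory summary (count of
    renamed files and whether a note is present in that directory).
    Both matches are case-insensitive, so a note or extension written in
    different case is still caught.
    """
    encrypted, notes = [], []
    for p in paths:
        name = os.path.basename(p).lower()
        if name == NOTE_NAME.lower():
            notes.append(p)
        elif name.endswith(ENCRYPTED_EXT):
            encrypted.append(p)

    directories: dict = {}
    for p in encrypted:
        entry = directories.setdefault(os.path.dirname(p), {"encrypted": 0, "note": False})
        entry["encrypted"] += 1
    for p in notes:
        entry = directories.setdefault(os.path.dirname(p), {"encrypted": 0, "note": False})
        entry["note"] = True

    return {"encrypted": encrypted, "notes": notes, "directories": directories}


def scan_tree(root: str) -> dict:
    """Walk a real directory tree and apply scan_paths to every file in it."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            found.append(os.path.join(dirpath, fn))
    return scan_paths(found)


# Constructed sample listing (not from the page), mimicking a share after an incident.
SAMPLE_PATHS = [
    "/srv/share/finance/q3-report.xlsx.cts1",
    "/srv/share/finance/budget.docx.cts1",
    "/srv/share/finance/cAcTuS.readme.txt",
    "/srv/share/hr/contracts.pdf",
    "/srv/share/hr/payroll.csv.CTS1",
    "/srv/share/public/readme.txt",
]

if __name__ == "__main__":
    result = scan_paths(SAMPLE_PATHS)
    print(f"{len(result['encrypted'])} renamed files, {len(result['notes'])} ransom notes")
    for d, info in sorted(result["directories"].items()):
        flag = "note present" if info["note"] else "no note"
        print(f"  {d}: {info['encrypted']} renamed ({flag})")
```

Run `scan_tree("/path/to/share")` on a mounted copy of a suspect share; the per-directory summary is what you would attach to an initial scoping report, while the raw path lists feed the restore and evidence-preservation steps.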
Disclosed victims: 7
Countries affected: 5
Leak sites: 3 (known, not linked)
Activity: 3 Sep 2024 (since 5 Sep 2023)
Activity timeline: 2023-09 to 2024-09
Countries attacked
🇲🇽 MX: 3
🇵🇷 PR: 1
🇨🇱 CL: 1
🇺🇾 UY: 1
🇧🇷 BR: 1
Techniques (MITRE ATT&CK)
Tactics and techniques observed for this actor, mapped to MITRE ATT&CK (click to open the official entry). Useful for prioritizing detections.
T1053.005 Scheduled Task/Job: Scheduled Task — The group uses scheduled tasks to execute files for C2 communication and to persist the ransomware payload.
T1072 Software Deployment Tools — Actors attempt to gain access to, and then use, third-party software already deployed on the network for lateral movement.
Your systems were accessed and encrypted by Cactus.
Do not interrupt the encryption process, don't stop or reboot your machines.
Otherwise the data may be corrupted and unrecoverable.
The best you can do is wait until encryption is finished to keep your files safe.
Besides, we have downloaded a huge pack of confidential information from your systems.
To recover your files and prevent disclosure of your sensitive data contact us via email: [redacted]
Your unique ID:
Backup contacts: EMAIL: [redacted]
[redacted] ([redacted]
[redacted]
Download link #1: [link omitted] [link omitted] DESCRIPTIONS: Personal Identifiable Information, customer info, contracts, employees\executives personal and corporate data, accounting\payroll, corporate correspondence, etc.
tibaitservices.com | 🇲🇽 MX | Technology | 8 Aug 2024 (1 year ago)
Download link #1: [link omitted] [link omitted] DESCRIPTIONS: Personal Identifiable Information, employees and executives personal and corporate data, financial documents, contracts, corporate correspondence, etc.
All disclosed victims
7 result(s)
Organization | Country | Sector | Group | Discovered
rangeramerican.com | PR | Business Services | — | 3 Sep 2024
tibaitservices.com | MX | Technology | — | 8 Aug 2024
scanda.com.mx | MX | Technology | — | 13 May 2024
acfin.cl | CL | Financial Services | — | 13 May 2024
bachoco.com.mx | MX | Agriculture and Food Production | — | 28 Dec 2023
GEOCOM | UY | Technology | — | 6 Nov 2023
Marfrig Global Foods | BR | Agriculture and Food Production | — | 5 Sep 2023
The leak-site (.onion) addresses are known but are neither published nor linked. Only public metadata is shown.
Target sectors
Technology: 3
Agriculture and Food Production: 2
Business Services: 1
Financial Services: 1
— The group creates a service/system account to launch the ransomware.
T1003.001 OS Credential Dumping: LSASS Memory — The group dumps LSASS memory to harvest credentials.
T1555.003 Credentials from Password Stores: Credentials from Web Browsers — The group searches users' browser key files for stored passwords, then uses them to access other accounts and continue the attack.
T1583.008 Acquire Infrastructure: Malvertising — Microsoft attributed to this actor a Danabot campaign delivered through malvertising, with Cactus ransomware as the final payload.
155a1d61ba47a8fbb87ba1aced22649e
b2951204c09e7791d83c58017742b297
3f8dbb3a8b881cba220c124323e92e6b
a20f8391af142d78fa825e38f0f40965
ffd340da6546fd9727011fa808af4ac1
11af5c1051f89e0933646121eefb388b
3dc738d44d0a5fe03568e09d59203a79
eba1596272ff695a1219b1380468293a
977fe7712d2c2d8592c094a9de88170c
32d93a2ec1007aad3228ced140b31682
0a75d6369662af48ce6789d6b313a9a5
1b99383c43c36fa94d046dca6423a93b
9f9f02ce0d1a1aa6e4e0b2867af09ba0
13ace884f11b68fd1d427f3f4effaf76
273aa71a0ba88334060922563a8418cc
3e748ba8609601283f21b4ecc784efed
0c0ece5515f5e2719f0e0a93e1f112dc
42bce02c8f6d561f02856a367272b835
5b4d60780f6b5bbb6cb0a28fee885422
214d097d63c0aa20ae2a833518c583a1
b7e14409b99a663fa181ec5e2abc8fb3
ea16d3eb7bafa159c311c7806729ccdd
9a3d11b64e78895b8997fc7ad471655e
efa0d819098dc38d7a92ecd7eaf8a82a
ef6a62e5ef88cdcc946e8edafe7a2184
0e4ee38fe320cfb573a30820198ff442
74e6deb66b7845af3eb2d61727bb0bad
13baaae3f238bff3b5d3294f66a63bc0
949d9523269604db26065f002feef9ae
a73487356f1f47a6f87c470b150605e9
86281388d3cdbc77b337000b0725ea81
scanda.com.mx | 🇲🇽 MX | Technology | 13 May 2024 (2 years ago)
Download link #1: [link omitted] [link omitted] DESCRIPTIONS: Personal Identification information, corporate documents, legal information, financial data\payroll\reports, employee personal data, correspondence, customer information, contracts, database backups.
acfin.cl | 🇨🇱 CL | Financial Services | 13 May 2024 (2 years ago)
Download link #1: [link omitted] [link omitted] DESCRIPTIONS: Client confidential data - agreements\reports etc., Personal identification Information (passports, DL, etc), financial statements\reports, executives personal data, security officer private photos and files, etc.
bachoco.com.mx | 🇲🇽 MX | Agriculture and Food Production | 28 Dec 2023 (2 years ago)
Download link #1: [link omitted]
GEOCOM | 🇺🇾 UY | Technology | 6 Nov 2023 (2 years ago)
GEOCOM Uruguay SA provides global solutions, with certified quality, applying state of the art IT technologies that are best suited to the demands and needs of its customers with the ongoing goal of exceeding their expectations.