A variant of the Cactus ransomware has been discovered that encrypts itself to evade detection by antivirus programs and endpoint security solutions. Researchers at Kroll discovered the malware, which encrypts files and leaves a ransom note. This self-encrypting design is what makes it especially hard to detect. Cactus has three main modes of operation, one of which is encryption. The attackers supply the malware with a unique AES key, which is used to decrypt the ransomware’s configuration file and the public RSA key that is then used to encrypt everything else on the target endpoint. Cactus also has multiple encryption modes, including a quick mode that encrypts files twice, with two different file extensions. Little is known about the group behind the malware, but they are believed to demand “millions” in ransom payments and to have used the ransomware successfully in the past.

It’s important to update software and hardware regularly, keep cybersecurity measures in place to protect against ransomware, and train employees to recognize and avoid social engineering and phishing attacks.

Source: BleepingComputer