The CACTUS ransomware is said to have emerged around March 2023. The group became known for exploiting vulnerabilities to gain initial access and maintain a presence within the organization's infrastructure.<br> <br> There is little known information about the ransomware group, except that it emerged on the mentioned date and, following encryption, a text file named 'cAcTuS.readme.txt' would be created. Additionally, encrypted files were altered to the '.cts1' extension, and data exfiltration and victim extortion were conducted through the use of the service known as Tox.<br>Source: https://github.com/crocodyli/ThreatActors-TTPs
Self-encrypting binary to evade detection
Deletes shadow copies
Exploits VPN vulnerabilities for initial access
Encrypts own binary with AES key from command line
Uninstalls antivirus software