Cactus is a ransomware-as-a-service (RaaS) operation that emerged in March 2023, primarily motivated by financial gain through a double extortion model. The group distinguishes itself by encrypting its own binary to evade detection, unpacking it only when executed. While its exact origin remains unknown, some researchers speculate connections to Russia or a Malaysian hacktivist group. Cactus operators have demonstrated an evolving operational model: evidence in January 2025 suggests a potential transition or close affiliation of members from the Black Basta ransomware group, indicating a shared use of tactics, techniques, and procedures.
Construction of Buildings, Food Manufacturing, Other Information Services, Rail Transportation, Software Publishers, Real Estate, Hospitals, Enterprises & Holding, Accommodation, Air Transportation