Overview

Cactus is a Ransomware-as-a-Service (RaaS) that has been active since at least March 2023 and has targeted over 200 organisations. Cactus often attains initial access to target networks by exploiting known vulnerabilities across multiple product lines including, Qlik Sense Enterprise and Ivanti Connect Secure. The malware encrypts itself to protect the ransomware binary, making it harder to detect and granting malware with the ability to evade antivirus and network monitoring tools.