Microsoft has issued a warning about the increasing prevalence of Cactus ransomware attacks disguised as the Danabot malvertising campaign. The main objective of these attacks is to steal sensitive information or facilitate the injection of additional harmful payloads. The hacking group known as Storm 0216, previously associated with the distribution of Qakbot malware, has now been identified as participating in the propagation of the DanaBot Trojan, which ultimately leads to the deployment of Cactus ransomware. DanaBot was first detected infecting users in Australia and Poland and has since expanded its reach to Italy and neighboring countries. Another cybercriminal group, Artic Wolf, has also been found spreading Cactus ransomware by exploiting a critical vulnerability in the Qlik Business Analytics platform. Microsoft’s Threat Intelligence teams are actively monitoring these threats, particularly for users of the Windows 11 operating system. The Cactus criminals have been operating since March 2023 and have shown proficiency in exploiting VPN appliance vulnerabilities. Unlike some other ransomware, Cactus typically demands a ransom of $1 million to $3 million.
Key points:
– Microsoft warns about Cactus ransomware attacks disguised as Danabot malvertising campaign.
– Storm 0216 hacking group, previously associated with Qakbot malware, involved in spreading DanaBot Trojan and Cactus ransomware.
– DanaBot initially detected in Australia and Poland, now spreading to Italy and neighboring nations.
– Artic Wolf cybercriminal group exploiting Qlik Business Analytics platform vulnerability to spread Cactus ransomware.
– Microsoft actively monitoring threats, especially for Windows 11 users.
– Cactus criminals operating since March 2023, proficient in exploiting VPN appliance vulnerabilities.
– Cactus ransomware typically demands a ransom of $1 million to $3 million.