The Cactus ransomware encrypts itself to avoid getting spotted


Cybersecurity experts have identified the new Cactus ransomware, and it is a master of disguise. It hides itself in a way that lets it slip past even well-configured antivirus packages. That is worrying, because a system can be infected while its antivirus software is running.

The new malware can execute itself in several ways, as identified by cybersecurity experts. One of its methods of execution involves hiding itself from any antivirus software that might be present on the user’s system. It exploits a weakness shared by many antivirus and endpoint security solutions in order to stay concealed in plain sight.

Information regarding this ransomware was provided by the folks at Kroll. The firm’s risk and financial advisory solutions team spotted this malware and made it known to the public. Here is everything you need to know about this masquerading malware that hopes to hold your files for ransom.

The new master of disguise in the cybersecurity world is the Cactus ransomware

The new Cactus ransomware has three main modes of executing itself on a system. This article focuses on just one of them, the one that lets the Cactus ransomware go undetected even by antivirus software packages.

If you are familiar with antivirus products and endpoint security solutions, you’d know that they cannot inspect the contents of encrypted files. Well, one of the ways the new Cactus ransomware executes itself on a system is by using encryption. With the use of an AES key, a bad actor can deploy this ransomware to a system, where it exists as an encrypted file.

Cybersecurity experts have worked out how this ransomware operates. It all starts with the bad actors providing the ransomware with a unique AES key that they also hold. With that AES key, the ransomware’s configuration file and public RSA key can be decrypted.

After this, the bad actor encrypts the malware file and forwards it to the target. It arrives on the target’s system as a hex string that is hardcoded in the bad actor’s binary. Once the malware is on the target’s system, the bad actor decodes the hex string.

This gives them access to the user’s data, which is then unlocked with the AES key. The entire encryption process makes the Cactus ransomware hard to detect. It can sit on a system, causing damage, while being ignored by the installed antivirus or endpoint security solution.
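Since the article says the encrypted payload is carried as a hex string hardcoded in the binary, one defensive heuristic that follows from this is to scan a file for long hex runs whose decoded bytes look random, which is what encrypted data looks like. The example below is an added illustration of that idea, not Kroll’s or the article’s own tooling; the sample “binary”, the 64-character minimum run and the 7.0 bits/byte threshold are constructed assumptions.

```python
import math
import os
import re

# Assumed heuristic: a long run of hex digits whose decoded bytes have
# near-maximal entropy looks like an encrypted blob stored as a string.
HEX_RUN = re.compile(rb"[0-9a-fA-F]{64,}")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def find_suspicious_hex_blobs(blob: bytes, min_entropy: float = 7.0):
    """Return (offset, decoded_length, entropy) for every hex run in
    `blob` whose decoded bytes reach `min_entropy` bits per byte."""
    hits = []
    for m in HEX_RUN.finditer(blob):
        run = m.group()
        if len(run) % 2:
            run = run[:-1]  # odd-length run: drop the dangling nibble
        decoded = bytes.fromhex(run.decode("ascii"))
        ent = shannon_entropy(decoded)
        if ent >= min_entropy:
            hits.append((m.start(), len(decoded), round(ent, 2)))
    return hits


def build_sample() -> bytes:
    """Constructed stand-in for a binary: ordinary strings, a random
    (encrypted-looking) blob stored as hex, and a low-entropy hex pad."""
    random_blob = os.urandom(4096).hex().encode("ascii")
    zero_pad_hex = b"00" * 64  # 128 hex chars of zeros: long but not random
    return (b"MZ\x90\x00 this program cannot be run in DOS mode\r\n"
            b"config=" + random_blob + b"\x00"
            b"pad=" + zero_pad_hex + b"\x00"
            b"-----END-----")


if __name__ == "__main__":
    for offset, length, ent in find_suspicious_hex_blobs(build_sample()):
        print(f"offset {offset}: {length} decoded bytes, {ent} bits/byte")
```

Only the random blob is reported; the zero padding is just as long as a hex string but decodes to a single repeated byte and so scores 0.0 bits per byte.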

The Cactus ransomware is a master of disguise and hides in plain sight. But this malware also has two other ways to execute on a target’s computer system, and combining the encryption method with another of them makes it more dangerous still. More research and work will go into better understanding this ransomware and how to prevent its attacks.