Watch out, there’s a new malvertising scheme spreading dangerous ransomware

Cybercriminal group Twisted Spider is using DanaBot to gain initial access to systems, before deploying CACTUS ransomware. After the QakBot infrastructure was dismantled by law enforcement last summer, Twisted Spider was forced to use DanaBot, an info-stealing malware. Twisted Spider and another group, Storm-1044, are using the CACTUS ransomware variant to steal sensitive data as it is harder to detect due to its self-encrypting nature.