Cactus Ransomware Strikes New Horizons Baking Company

A New Victim on the Dark Web

The cyber threat landscape continues to evolve, with ransomware groups actively targeting organizations across various industries. On February 20, 2025, the ThreatMon Threat Intelligence Team reported that the “Cactus” ransomware group had added New Horizons Baking Company to its list of victims. The attack was detected on the dark web, where cybercriminals often list their successful breaches and extortion attempts.

New Horizons Baking Company, a key player in the food production industry, now faces a critical cybersecurity challenge. Ransomware attacks like this typically involve encrypting a victim’s data and demanding payment in exchange for decryption keys. The impact of such attacks can be severe, leading to financial losses, operational disruptions, and reputational damage.

ThreatMon, an end-to-end threat intelligence platform, actively monitors ransomware activities and provides Indicators of Compromise (IOCs) and Command and Control (C2) data to help organizations defend against such threats. As ransomware attacks continue to rise, businesses must enhance their cybersecurity posture to prevent, detect, and respond to these growing threats.

What Undercode Says:

The Rise of Cactus Ransomware

Cactus ransomware is one of the emerging cybercriminal groups specializing in targeted ransomware attacks. Unlike opportunistic malware campaigns that spread widely, groups like Cactus often choose specific victims based on their perceived ability to pay ransoms. This approach increases the likelihood of a successful extortion attempt, making organizations with weak cybersecurity prime targets.

The Dark Web and Public Disclosure

The fact that Cactus publicly listed New Horizons Baking Company on the dark web indicates a double extortion strategy. This means that, in addition to encrypting the company’s files, the attackers may have also stolen sensitive data. If the company refuses to pay, the ransomware operators might leak or sell the stolen information, increasing the pressure on the victim.

Why Food Industry Targets Are Growing

The food industry has become an attractive target for ransomware operators for several reasons:

1. High Operational Dependency – Food production companies rely on continuous operations; any disruption could lead to major financial losses.
2. Lack of Cybersecurity Maturity – Compared to financial institutions or tech firms, many food companies have weaker cybersecurity defenses, making them easier targets.
3. Supply Chain Risks – A ransomware attack on a food supplier can impact multiple businesses down the chain, amplifying its effects.

Economic and Reputational Damage

A ransomware attack can cost a company millions in lost revenue, regulatory fines, and remediation costs. Additionally, the loss of customer trust and potential lawsuits make recovery even more challenging. In cases where sensitive customer or employee data is leaked, the damage extends beyond the immediate attack.

How Companies Can Defend Themselves

To mitigate ransomware risks, organizations should adopt proactive cybersecurity measures, including:

• Regular Data Backups – Ensuring offline backups to recover data without paying ransoms.
• Endpoint Detection & Response (EDR) – Using advanced tools to detect suspicious activities early.
• Network Segmentation – Preventing lateral movement of ransomware within corporate networks.
• Employee Training – Educating staff on phishing and social engineering tactics used by attackers.
• Incident Response Planning – Having a well-defined response strategy to contain and recover from ransomware incidents.

The Future of Ransomware

Ransomware threats are evolving, with attackers adopting more sophisticated tactics like:

• AI-driven malware that can adapt to security defenses.
• Targeted attacks on critical infrastructure (healthcare, energy, food supply).
• Ransomware-as-a-Service (RaaS) models, making it easier for cybercriminals to launch attacks.

As threats continue to grow, businesses must prioritize cybersecurity investments and stay ahead of cybercriminals. The case of New Horizons Baking Company serves as a stark reminder that no industry is immune to ransomware.