Venus ransomware target publicly exposed Remote Desktop services

Share post:

A relatively new ransomware operation, identified as Venus, hacks into publicly exposed Remote Desktop services to encrypt Windows devices. According to researchers, Venus ransomware started operating in the middle of August 2022 and has since encrypted victims all over the world.

As soon as it is executed, Venus ransomware tries to terminate thirty-nine processes that are connected to database servers and Microsoft applications. The ransomware then continues to delete event logs, Shadow Copy Volumes, and disable Data Execution Prevention through an identified command.

When encrypting files, the ransomware appends the .venus extension. In each encrypted file, the ransomware will add a ‘goodgamer’ filemarker and other information to the end of the file. However, it remains unclear what this stands for.

Venus ransomware creates an HTA ransom note in the %Temp% folder, which is automatically displayed when the ransomware is ready to encrypt the device.

The analysis of the ransom note seen shows that the ransomware identified as “Venus” and shared a TOX address and email address, which can be used to reach the threat actor to negotiate a ransom payment. At the end of the ransom note is a Base64 encoded blob, which is probably the encrypted decryption key.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

North Korean Job Scam Targeting IT Job Seekers

North Korea’s Lazarus advanced persistent threat (APT) group has launched a sophisticated campaign, “Operation 99,” targeting freelance software...

Hackers Exploit FastHTTP in High-Speed Microsoft 365 Attacks

Threat actors are employing the FastHTTP Go library to launch high-speed brute-force password attacks on Microsoft 365 accounts...

YouTubers Targeted As Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results

Attackers have found a new way to infect people seeking pirated or cracked software: planting malicious download links...

New macOS Malware Exploits Apple’s Security Features to Stay Hidden and Steal User Data

A newly discovered variant of the Banshee macOS Stealer malware is putting 100 million Apple users at risk...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways