Health industry warned of dangerous Venus ransomware


The Health Sector Cybersecurity Coordination Center (HC3) recently shared information on tactics, techniques, and procedures used in Venus ransomware attacks, as well as some harm reduction recommendations that health organizations can use to strengthen their defenses against attacks.

These warnings follow the rise of Venus ransomware, also known as GOODGAME. First identified in mid-August 2022, it is a relatively new threat, but it has already been used in attacks worldwide, and new submissions of the ransomware variant now arrive every day.

As with several other ransomware groups, the threat actors are said to reach Windows devices through publicly exposed Remote Desktop services, including Remote Desktop on standard and non-standard TCP ports, and then encrypt them.

Once it gains access, the ransomware tries to terminate 39 processes related to database servers and Microsoft Office applications. Because it appears to target publicly exposed Remote Desktop services, including those that run on non-standard TCP ports, these services must be protected by a firewall.

Event logs and shadow copy volumes are deleted, and data execution prevention is disabled on compromised endpoints. Files are encrypted using the AES and RSA algorithms, and encrypted files have the .venus extension, as well as a goodgamer file marker and other information.
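The three endpoint behaviours described above (shadow copy deletion, event log clearing, disabling data execution prevention) are each seen in routine administration, but seldom together on one host within minutes. The following detection sketch is an added example, not taken from HC3 or the original article; it correlates them per host over process-creation command lines. The pipe-delimited log format, the host names and the command-line patterns (standard Windows utilities for each action) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Behaviours named in the article, mapped to command-line patterns.
# The patterns are assumptions: standard Windows utilities that perform each
# action, not indicators published in the article.
BEHAVIOURS = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "event_log_clearing": re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\b", re.I),
    "dep_disabled": re.compile(
        r"bcdedit(\.exe)?\s+/set\s+(\{[\w-]+\}\s+)?nx\s+alwaysoff", re.I),
}

# Constructed sample records: timestamp|host|process command line.
SAMPLE_EVENTS = """\
2022-11-10T03:14:07|WS-014|vssadmin.exe delete shadows /all /quiet
2022-11-10T03:14:09|WS-014|bcdedit.exe /set {current} nx AlwaysOff
2022-11-10T03:14:15|WS-014|wevtutil.exe cl Security
2022-11-10T09:02:41|SRV-BKP|vssadmin.exe list shadows
2022-11-10T10:30:00|SRV-DB|wevtutil cl Application
2022-11-10T16:45:12|SRV-DB|wmic shadowcopy delete
"""

def parse_events(text):
    """Yield (timestamp, host, command line) tuples, skipping malformed records."""
    for line in text.splitlines():
        parts = line.split("|", 2)
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except (IndexError, ValueError):
            continue

def correlate(text, window=timedelta(minutes=10), threshold=2):
    """Return {host: behaviours} where >= threshold distinct behaviours share a window."""
    hits = defaultdict(list)
    for ts, host, cmd in parse_events(text):
        for name, pattern in BEHAVIOURS.items():
            if pattern.search(cmd):
                hits[host].append((ts, name))
    alerts = {}
    for host, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            seen = {name for ts, name in events[i:] if ts - start <= window}
            if len(seen) >= threshold and len(seen) > len(alerts.get(host, ())):
                alerts[host] = sorted(seen)
    return alerts
```

On the sample data only WS-014 is flagged; SRV-DB performs two of the actions more than six hours apart and stays below the threshold.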

HC3 also warns that “the operators of Venus ransomware are not believed to operate as a ransomware-as-a-service (RaaS) model and no associated data leak site (DLS) exists at this time.”

The sources for this piece include an article in BleepingComputer.
