Health industry warned of dangerous Venus ransomware


The Health Sector Cybersecurity Coordination Center (HC3) recently shared information on tactics, techniques, and procedures used in Venus ransomware attacks, as well as some harm reduction recommendations that health organizations can use to strengthen their defenses against attacks.

The warning follows the rise of the Venus ransomware, also known as GOODGAME. First identified in mid-August 2022, it is a relatively new threat, but it has already been used in attacks worldwide, and new submissions of the variant now arrive every day.

As with several other ransomware groups, the threat actors are said to reach and encrypt Windows devices through publicly exposed Remote Desktop services, including Remote Desktop on standard and non-standard TCP ports.

If the ransomware gains access, it tries to terminate 39 processes related to database servers and Microsoft Office applications. Because it appears to target publicly exposed Remote Desktop services, including those running on non-standard TCP ports, these services must be protected by a firewall.

On compromised endpoints, event logs and shadow copy volumes are deleted and Data Execution Prevention is disabled. Files are encrypted using the AES and RSA algorithms, and encrypted files carry the .venus extension, along with a goodgamer filemarker and other information.
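One way to detect the pre-encryption behaviour described above, as an added example that is not part of the original article or the HC3 note: it flags a host when at least two of the three behaviours (shadow copy deletion, event log clearing, DEP disabling) appear in process-creation command lines within a short window. The regular expressions are generic patterns for well-known Windows utilities, not strings taken from Venus samples, and the hostnames, timestamps and events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Generic command-line patterns for the three behaviours the article lists.
# Assumption: these are common Windows utilities, not indicators from the HC3 note.
BEHAVIOURS = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "event_log_clearing": re.compile(
        r"wevtutil(\.exe)?\s+(cl|clear-log)\b|\bClear-EventLog\b", re.I),
    "dep_disabled": re.compile(
        r"bcdedit(\.exe)?\s+/set\s+.*\bnx\s+AlwaysOff", re.I),
}

def classify(command_line):
    """Return the set of behaviour names a command line matches."""
    return {name for name, rx in BEHAVIOURS.items() if rx.search(command_line)}

def correlate(events, window=timedelta(minutes=10), threshold=2):
    """events: iterable of (iso_timestamp, host, command_line).
    Return one alert per host with >= threshold distinct behaviours inside window."""
    hits = defaultdict(list)  # host -> [(time, behaviour)]
    for ts, host, cmd in events:
        for behaviour in classify(cmd):
            hits[host].append((datetime.fromisoformat(ts), behaviour))
    alerts = []
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            in_window = {b for t, b in seen[i:] if t - start <= window}
            if len(in_window) >= threshold:
                alerts.append({"host": host, "first_seen": start.isoformat(),
                               "behaviours": sorted(in_window)})
                break  # one alert per host is enough for triage
    return alerts

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    ("2022-11-10T02:14:05", "HIS-DB01", "vssadmin.exe delete shadows /all /quiet"),
    ("2022-11-10T02:14:07", "HIS-DB01", "bcdedit.exe /set {current} nx AlwaysOff"),
    ("2022-11-10T02:14:09", "HIS-DB01", "wevtutil.exe cl Security"),
    ("2022-11-10T09:30:00", "BACKUP01", "vssadmin.exe list shadows"),
    ("2022-11-10T09:31:00", "ADMIN-WS", "wevtutil.exe cl Application"),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Requiring two distinct behaviours keeps a lone administrative log clear (ADMIN-WS in the sample) from alerting, while the three-command burst on HIS-DB01 does.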

HC3 also warns that “the operators of Venus ransomware are not believed to operate as a ransomware-as-a-service (RaaS) model and no associated data leak site (DLS) exists at this time.”

The sources for this piece include an article in BleepingComputer.
