Health industry warned of dangerous Venus ransomware

The Health Sector Cybersecurity Coordination Center (HC3) recently shared information on tactics, techniques, and procedures used in Venus ransomware attacks, as well as some harm reduction recommendations that health organizations can use to strengthen their defenses against attacks.

These warnings follow the rise of the Venus ransomware, also known as GOODGAME. First identified in mid-August 2022, it is a relatively new threat, but it has already been used in attacks worldwide, and new submissions of the variant now arrive every day.

As with several other ransomware groups, the threat actors are said to be encrypting Windows devices by way of publicly exposed Remote Desktop services, including Remote Desktop on standard and non-standard TCP ports.

If the ransomware gains access, it will try to terminate 39 processes related to database servers and Microsoft Office applications. Since the ransomware appears to aim at publicly exposed Remote Desktop services, including those that run on non-standard TCP ports, these services must be protected by a firewall.

Event logs and shadow copy volumes are deleted, and Data Execution Prevention is disabled on compromised endpoints. Files are encrypted using the AES and RSA algorithms, and encrypted files carry the .venus extension, as well as a goodgamer filemarker and other information.
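A defender can hunt for the three host behaviours described above by correlating process-creation logs per endpoint. The following is an added example, not code from HC3 or the original article; the command-line patterns are assumptions about how these behaviours usually appear with built-in Windows utilities, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed command-line patterns for the three behaviours the article names.
BEHAVIOURS = {
    "shadow_copy_delete": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "event_log_clear": re.compile(
        r"wevtutil(\.exe)?\s+(cl|clear-log)\b|\bClear-EventLog\b", re.I),
    "dep_disable": re.compile(
        r"bcdedit(\.exe)?\s+/set\s+.*\bnx\s+AlwaysOff", re.I),
}

def classify(cmdline):
    """Return the set of behaviour names matched by one command line."""
    return {name for name, rx in BEHAVIOURS.items() if rx.search(cmdline)}

def correlate(events, window=timedelta(minutes=10), threshold=2):
    """Flag hosts showing >= threshold distinct behaviours inside one window.
    events: iterable of (iso_timestamp, host, command_line) tuples.
    Returns {host: sorted list of behaviours} for flagged hosts."""
    hits = defaultdict(list)
    for ts, host, cmd in events:
        for name in classify(cmd):
            hits[host].append((datetime.fromisoformat(ts), name))
    flagged = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            names = {n for t, n in seen[i:] if t - start <= window}
            if len(names) >= threshold:
                flagged[host] = sorted(names | set(flagged.get(host, [])))
    return flagged

# Constructed sample events (not taken from a real incident).
SAMPLE = [
    ("2022-11-10T02:14:03", "db01", r"vssadmin.exe delete shadows /all /quiet"),
    ("2022-11-10T02:14:05", "db01", r"bcdedit.exe /set {current} nx AlwaysOff"),
    ("2022-11-10T02:14:09", "db01", r"wevtutil cl Security"),
    ("2022-11-10T09:30:00", "ws07", r"vssadmin list shadows"),
    ("2022-11-10T10:00:00", "bk02", r"vssadmin delete shadows /for=C: /oldest"),
    ("2022-11-10T18:00:00", "bk02", r"wevtutil cl Application"),
]

if __name__ == "__main__":
    for host, names in correlate(SAMPLE).items():
        print(host, names)
```

Requiring two or more distinct behaviours inside a short window keeps routine backup maintenance, such as the constructed bk02 events hours apart, from raising an alert.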

HC3 also warns that “the operators of Venus ransomware are not believed to operate as a ransomware-as-a-service (RaaS) model and no associated data leak site (DLS) exists at this time.”

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff