Healthcare organizations in the United States are under attack by Venus ransomware, the country's Department of Health and Human Services (HHS) warns.
In a report published by the Health Sector Cybersecurity Coordination Center (HC3), HHS says it is aware of at least one successful Venus attack on a public healthcare company.
The Venus operators, however, are not a typical double-extortion ransomware group: there is no data leak page, and the operators do not seem interested in leaking stolen information online.
There is no data leak site yet
“The Venus ransomware operators are not believed to operate under the ransomware as a service (RaaS) model and no associated data leak site (DLS) currently exists,” the report reads.
Elsewhere, the report says that the Venus ransomware most likely became operational in August 2022 and has since encrypted many victims around the world. BleepingComputer adds that since August, new submissions have been sent to ID Ransomware daily, suggesting that the operators are quite active.
The malware terminates 39 processes related to database servers and Microsoft Office applications. It targets publicly exposed Remote Desktop services, using them to gain initial access to target endpoints. In addition to terminating processes, the ransomware also deletes event logs and Volume Shadow Copies, and disables Data Execution Prevention.
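The behaviours listed above can be correlated in process-creation telemetry, as in this added example, which is not from the article or the HC3 report. The command-line patterns are generic Windows utilities assumed here for illustration (not Venus indicators), and the log lines, host names, correlation window and kill threshold are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: generic Windows command lines for each behaviour, not Venus IoCs.
BEHAVIOURS = {
    "shadow_copy_delete": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "event_log_clear": re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\b", re.I),
    "dep_disable": re.compile(r"bcdedit(\.exe)?\s+.*\bnx\s+alwaysoff", re.I),
    "process_kill": re.compile(r"taskkill(\.exe)?\s+.*/im\s+\S+", re.I),
}
WINDOW = timedelta(minutes=10)  # assumed correlation window
KILL_THRESHOLD = 5              # assumed: bulk termination, not one admin taskkill

# Constructed process-creation events: timestamp|host|command line
SAMPLE_LOG = """\
2022-11-10T02:14:01|HIS-DB01|taskkill /F /IM sqlservr.exe
2022-11-10T02:14:02|HIS-DB01|taskkill /F /IM mysqld.exe
2022-11-10T02:14:03|HIS-DB01|taskkill /F /IM oracle.exe
2022-11-10T02:14:04|HIS-DB01|taskkill /F /IM winword.exe
2022-11-10T02:14:05|HIS-DB01|taskkill /F /IM excel.exe
2022-11-10T02:14:20|HIS-DB01|vssadmin.exe delete shadows /all /quiet
2022-11-10T02:14:25|HIS-DB01|wevtutil cl Security
2022-11-10T02:14:30|HIS-DB01|bcdedit /set {current} nx AlwaysOff
2022-11-10T09:02:11|WS-114|taskkill /IM winword.exe
2022-11-10T23:00:00|BKP-02|vssadmin list shadows
2022-11-10T23:00:05|BKP-02|vssadmin delete shadows /for=D: /oldest
"""

def detect(log):
    """Return {host: behaviours} where >=2 distinct behaviours fall in one WINDOW."""
    hits = defaultdict(list)  # host -> [(time, behaviour)]
    for line in log.strip().splitlines():
        ts, host, cmd = line.split("|", 2)
        for name, rx in BEHAVIOURS.items():
            if rx.search(cmd):
                hits[host].append((datetime.fromisoformat(ts), name))
    alerts = {}
    for host, events in hits.items():
        for start, _ in sorted(events):
            names = [n for t, n in events if start <= t <= start + WINDOW]
            seen = set(names)
            if names.count("process_kill") < KILL_THRESHOLD:
                seen.discard("process_kill")  # too few kills to count as a signal
            if len(seen) >= 2 and len(seen) > len(alerts.get(host, [])):
                alerts[host] = sorted(seen)
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Requiring two distinct behaviours on one host keeps a lone help-desk `taskkill` or a routine backup-rotation `vssadmin` call from raising an alert.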
Healthcare organizations are among the most popular targets for cybercriminals, especially since the outbreak of the coronavirus. Hospitals use countless computers, printers and smart devices connected to the Internet, generating thousands of sensitive files. These devices are sometimes outdated and not properly secured, making them ideal initial entry points.
Moreover, with the Covid-19 pandemic filling the last hospital beds, overworked healthcare workers are easy targets for phishing and social engineering attacks.
In addition to Venus, healthcare organizations in the States have been targeted by Maui, Zeppelin, Daixin, Quantum and many other strains.
By: BleepingComputer