Healthcare organizations in the United States are under attack by the Venus ransomware (opens in new tab)warns the country’s Department of Health and Human Services (HHS).
In a report published by the Health Sector Cybersecurity Coordination Center (HC3), the HHS states it is aware of at least one successful Venus attack on a public health company.
However, the problem with Venus’ operators is that they are not the usual ransomware group – there is no data breach site and the operators don’t seem interested in leaking the stolen information online.
No data breach site yet
“The Venus ransomware operators are not believed to operate as a ransomware-as-a-service (RaaS) model and no associated data breach site (DLS) exists at this time,” the report reads.
Elsewhere in the report, it said that the Venus ransomware likely started working in August 2022 and has since encrypted countless victims around the world. BleepingComputer adds that since August, new submissions have been uploaded to ID Ransomware every day, suggesting that the operators are quite active.
The malware works by terminating 39 processes associated with database servers and Microsoft Office applications. It targets publicly accessible Remote Desktop services and uses them to access the target endpoints first (opens in new tab). In addition to terminating processes, the ransomware also deletes event logs, Shadow Copy Volumes and disables Data Execution Prevention.
Healthcare organizations are among the most popular targets of cybercriminals, especially since the coronavirus outbreak. Hospitals use countless computers, printers and internet-connected smart devices, generating thousands of sensitive files. These devices are sometimes outdated and not properly secured, making them an ideal first-entry endpoint.
In addition, as the Covid-19 pandemic fills up every last space in hospitals, overworked healthcare workers are an easy target to hunt with phishing and social engineering attacks.
In addition to Venus, health organizations in the United States were also targeted by Maui, Zeppelin, Daixin, Quantum, and many other species.
Via: BleepingComputer (opens in new tab)