Health care institutions in the United States are under attack from Venus ransomware (Opens in a new tab)the country’s Department of Health and Human Services (HHS) warns.
In a report published by the Health Sector Cyber Security Coordination Center (HC3), HHS stated that it was aware of at least one successful Venus attack against a public healthcare company.
However, the problem with Venus operators is that they are not the usual double ransomware suite – there is no data leak site, and the operators do not seem interested in leaking stolen information online.
No data leak site yet
The report reads: “Venus ransomware operators are not believed to operate as a ransomware-as-a-service (RaaS) model and there is no associated data leak site (DLS) at this time.”
Elsewhere in the report, it was said that the Venus ransomware most likely started operating in August 2022, and since then has encrypted many victims worldwide. Computer He adds that since August, new submissions have been uploaded to ID ransomware every day, which indicates that the operators are very active.
The malware works by killing 39 processes associated with database servers and Microsoft Office applications. Targets remote desktop services exposed to the public, using them for initial access to the target endpoints (Opens in a new tab). Besides terminating processes, ransomware also deletes event logs, backup volumes, and disables data execution prevention.
Healthcare institutions are among the most common targets for cybercriminals, especially since the outbreak of the coronavirus. Hospitals operate countless computers, printers, and smart devices connected to the Internet, resulting in thousands of sensitive files. These devices are sometimes outdated and not properly secured, making them an ideal first entry end point.
Moreover, with the Covid-19 pandemic filling every last space in hospitals, weary healthcare workers are an easy target to be hacked with phishing attacks and social engineering.
Besides Venus, health care institutions in the United States have been targeted by Maui, Zeppelin, Dixin, Quantum, and many other breeds.
Across: Computer (Opens in a new tab)