Contents:
According to a warning issued this week by the U.S. Department of Health and Human Services (HHS), healthcare businesses across the country are being targeted by Venus ransomware attacks.
HHS’s security team notes that it is aware of at least one event in which Venus ransomware was distributed on the networks of a U.S. healthcare organization. As mentioned in the analyst note issued by Health Sector Cybersecurity Coordination Center (HC3), threat actors using Venus ransomware are not known to use a specific data breach site to publish stolen data online.
HC3 is aware of at least one healthcare entity in the United States falling victim to Venus ransomware recently. (…) The operators of Venus ransomware are not believed to operate as a ransomware-as-a-service (RaaS) model and no associated data leak site (DLS) exists at this time.
Daily Venus Ransomware Attacks
Venus Ransomware was first noticed in the middle of August 2022. Since then, it has spread to the networks of dozens of companies around the world. It is known to hack into the victims’ Remote Desktop services, which are open to the public, and encrypt Windows devices.
As Bleeping Computer explained, in addition to suspending database services and Office applications, the ransomware deletes event logs, Shadow Copy Volumes, and disables Data Execution Prevention on exposed endpoints.
Venus ransomware has been rather active since its ‘launch’ in August, with daily contributions being uploaded to ID Ransomware, a free public ransomware decryption tool.
Ransomware Attacks Against Healthcare Are Rising
Previously this year, government officials in the United States warned about more ransomware attacks targeting healthcare facilities around the country. Warnings have shown that attackers are using ransomware variants such as Maui and Zeppelin against healthcare and public health (HPH) institutions.
Last month, the FBI, HHS, and the Computer Incident Response Team (CIRRT) issued a warning about a cybercrime gang called Daixin Team that is launching ransomware attacks against the HPH industry.
And in late February, in a data breach report, debt management company Professional Finance Corporation, Inc (PFC) disclosed that 657 healthcare organizations were affected by a compromise caused by the Quantum ransomware attack.
The Health Sector Cybersecurity Coordination Center report published on the 9th of November is available here.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.