The US Department of Health and Human Services (HHS) recently warned that the healthcare sector in the US has become one of the targets of the Venus ransomware. No leak site has been identified for the ransomware so far, although reports reveal that at least one attack involving it has already been recorded.
The researchers said that the Venus ransomware does not operate as a ransomware-as-a-service (RaaS) as most ransomware variants do. Since its first few malicious activities in August this year, the ransomware’s operators have deployed it against networks of numerous corporations globally.
Research shows that Venus ransomware attacks commonly start with the exploitation of victims’ publicly exposed Remote Desktop services, leading to the encryption of their machines.
Once the ransomware has landed on a targeted Windows device, it will terminate database services and MS Office applications. Subsequently, Venus will delete event logs and shadow copies, and deactivate Data Execution Prevention on compromised endpoints.
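The post-compromise steps described above can be hunted for in process-creation telemetry. The sketch below is an added example, not taken from the HHS warning or any vendor rule: it flags a host when at least two of the three listed actions occur within a short window. The command-line patterns are assumptions (common Windows utilities for each action, not command lines confirmed for Venus), and the events are constructed sample data.

```python
import re
from datetime import datetime, timedelta

# Assumed patterns: common Windows utilities for each action the article
# lists, not command lines confirmed for Venus.
BEHAVIOURS = {
    "shadow_copy_delete": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "event_log_clear": re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\b", re.I),
    "dep_disable": re.compile(r"bcdedit(\.exe)?\s+/set\s+.*\bnx\s+alwaysoff", re.I),
}

# Constructed sample process-creation events: timestamp|host|command line
SAMPLE_EVENTS = """\
2022-11-14T09:00:02|WS-ADMIN01|wevtutil.exe el
2022-11-14T09:12:40|DB-SRV02|vssadmin.exe delete shadows /all /quiet
2022-11-14T09:12:44|DB-SRV02|wevtutil.exe cl Security
2022-11-14T09:12:47|DB-SRV02|bcdedit.exe /set {current} nx AlwaysOff
2022-11-14T10:30:00|BKP-SRV01|vssadmin.exe delete shadows /for=D: /oldest
2022-11-14T16:45:10|BKP-SRV01|wevtutil.exe cl Application
"""

def parse_events(text):
    rows = (line.split("|", 2) for line in text.splitlines() if line.strip())
    return [(datetime.fromisoformat(ts), host, cmd) for ts, host, cmd in rows]

def classify(cmd):
    return next((n for n, p in BEHAVIOURS.items() if p.search(cmd)), None)

def detect(events, window=timedelta(minutes=10), min_behaviours=2):
    """Return {host: [behaviours]} for hosts showing several distinct
    recovery-inhibiting actions inside one time window."""
    hits = {}
    for ts, host, cmd in sorted(events):
        name = classify(cmd)
        if name:
            hits.setdefault(host, []).append((ts, name))
    alerts = {}
    for host, seq in hits.items():
        best = set()
        for i, (start, _) in enumerate(seq):  # slide the window over the hits
            seen = {n for t, n in seq[i:] if t - start <= window}
            best = seen if len(seen) > len(best) else best
        if len(best) >= min_behaviours:
            alerts[host] = sorted(best)
    return alerts

if __name__ == "__main__":
    print(detect(parse_events(SAMPLE_EVENTS)))
```

Requiring several behaviours close together keeps routine single actions, such as a backup server pruning an old shadow copy, from raising an alert on their own.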
Following the ransomware’s first few campaigns in August, researchers noted that it has been relatively active. These findings come from the new submissions that the ID Ransomware platform receives regularly concerning the activities performed by the Venus ransomware.
Aside from the Venus ransomware, US federal law enforcement also published warnings in 2022 about other ransomware strains being deployed against America’s healthcare sector. Maui and Zeppelin were two of the most used malware payloads, with recorded cyberattacks on Healthcare and Public Health (HPH) organisations throughout the past months.
Many ransomware campaigns involving the notorious Daixin Team have also been launched against HPH organisations. This discovery came from the warnings released last month by CISA, HHS, and the FBI.
Meanwhile, a separate report revealed that the Professional Finance Company Inc (PFC) in the US has recently suffered a ransomware attack involving the Quantum strain, which transpired last February. The attack led to a data breach that affected about 657 healthcare organisations.
The authorities were concerned about this breach since PFC is affiliated with thousands of US organisations, including those in the government, healthcare, and utilities sectors.