Healthcare orgs are being swamped with ransomware, FBI warns

Ransomware attack on a computer
(Image credit: Kaspersky)

Healthcare organizations in the United States are under attack from the Venus ransomware, the country’s Department of Health and Human Services (HHS) is warning. 

In a report published by the Health Sector Cybersecurity Coordination Center (HC3), the HHS states that it is aware of at least one successful Venus attack against a public healthcare firm. 

The problem with Venus’ operators, however, is that they’re not the usual double-whammy ransomware group - there is no data leak site, and the operators don’t seem to be interested in leaking the stolen intel online. 

No data leak site yet

"The operators of Venus ransomware are not believed to operate as a ransomware-as-a-service (RaaS) model and no associated data leak site (DLS) exists at this time,” the report reads.

Elsewhere in the report, it was said that Venus ransomware most likely started operating in August 2022, and has since encrypted numerous victims all over the globe. BleepingComputer adds that since August, new submissions were being uploaded to ID Ransomware every day, suggesting that the operators are quite active.

The malware works by terminating 39 processes associated with database servers and Microsoft Office applications. It targets publicly exposed Remote Desktop services, using them to gain initial access to the target endpoints. Besides terminating processes, the ransomware also deletes event logs, Shadow Copy Volumes, and disables Data Execution Prevention.

Healthcare organizations are among the most popular targets for cybercriminals, especially since the outbreak of the coronavirus. Hospitals run countless computers, printers, and internet-connected smart devices, generating thousands of sensitive files. These devices are sometimes outdated and improperly secured, making for an ideal first-entry endpoint. 

Furthermore, with the Covid-19 pandemic filling up every last space in hospitals, overworked healthcare workers are an easy target to prey on with phishing and social engineering attacks. 

Besides Venus, healthcare organizations in the States were targeted by Maui, Zeppelin, Daixin, Quantum, and many other strains.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.