The U.S. Department of Health and Human Services (HHS) warned today that Venus ransomware attacks are also targeting the country’s healthcare organizations.
In an analyst note issued by the Health Sector Cybersecurity Coordination Center (HC3), HHS’ security team also mentions that it knows about at least one incident where Venus ransomware was deployed on the networks of a U.S. healthcare org.
However, according to HC3’s report, threat actors deploying Venus ransomware are not known to use any data leak site for publishing stolen data online.
“HC3 is aware of at least one healthcare entity in the United States falling victim to Venus ransomware recently,” the report warns.
“The operators of Venus ransomware are not believed to operate as a ransomware-as-a-service (RaaS) model and no associated data leak site (DLS) exists at this time.”
Dozens of victims since August
Venus Ransomware was first spotted in mid-August 2022 and has since been deployed across the networks of dozens of corporate victims worldwide.
The threat actors behind the Venus ransomware attacks are known for hacking into the victims’ publicly exposed Remote Desktop services to encrypt Windows devices.
Besides terminating database services and Office apps, the ransomware will also delete event logs and Shadow Copy Volumes and disable Data Execution Prevention on compromised endpoints.
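
A detection sketch for the behaviours listed above, added here as an example and not taken from the HC3 note: it flags a host when several of those behaviours show up in process-creation command lines within a short window. The command-line patterns, the 10-minute window, the threshold of three and the sample events are assumptions, since the article does not give the exact commands Venus runs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed command-line patterns, one per behaviour named in the article.
BEHAVIOURS = {
    "shadow_copy_delete": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "event_log_clear": re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\b", re.I),
    "dep_disable": re.compile(r"bcdedit(\.exe)?\s+/set\b.*\bnx\s+alwaysoff", re.I),
    "db_office_kill": re.compile(
        r"taskkill(\.exe)?\b.*/im\s+\S*(sql|oracle|winword|excel|outlook)", re.I),
}
WINDOW = timedelta(minutes=10)   # assumed correlation window
THRESHOLD = 3                    # distinct behaviours needed to alert

def classify(cmdline):
    """Return the sorted behaviour names a single command line matches."""
    return sorted(n for n, rx in BEHAVIOURS.items() if rx.search(cmdline))

def correlate(events):
    """events: (iso_time, host, cmdline) tuples, e.g. from Sysmon ID 1 or
    Security 4688. Returns {host: behaviours} for hosts that show at least
    THRESHOLD distinct behaviours inside one WINDOW."""
    hits = defaultdict(list)
    for ts, host, cmd in events:
        for name in classify(cmd):
            hits[host].append((datetime.fromisoformat(ts), name))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            names = {n for t, n in seen[i:] if t - start <= WINDOW}
            if len(names) >= THRESHOLD:
                alerts[host] = sorted(names)
                break
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE = [
    ("2022-11-10T02:14:05", "WS-01", "taskkill /f /im sqlservr.exe"),
    ("2022-11-10T02:14:40", "WS-01", "vssadmin.exe delete shadows /all /quiet"),
    ("2022-11-10T02:15:02", "WS-01", "wevtutil cl Security"),
    ("2022-11-10T02:15:09", "WS-01", "bcdedit /set {current} nx AlwaysOff"),
    ("2022-11-10T09:00:00", "SRV-02", "wevtutil cl Application"),  # lone admin action
    ("2022-11-10T09:05:00", "SRV-02", "vssadmin list shadows"),    # benign query
    ("2022-11-10T09:00:00", "SRV-03", "vssadmin delete shadows /for=C:"),
    ("2022-11-10T15:00:00", "SRV-03", "bcdedit /set nx AlwaysOff"),
    ("2022-11-10T20:00:00", "SRV-03", "wevtutil cl System"),       # too spread out
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Correlating several behaviours keeps single administrative actions, such as one log clear, from alerting on their own.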