Healthcare organizations across the United States have been warned by the Department of Health and Human Services (HHS) regarding Venus ransomware assaults following a recent breach against a healthcare provider.
Despite the attack, no data leak site for the Venus ransomware actors has been identified, according to a report published by the Health Sector Cybersecurity Coordination Center (HC3).
"HC3 is aware of at least one healthcare entity in the United States falling victim to Venus ransomware recently. The operators of Venus ransomware are not believed to operate as a ransomware-as-a-service (RaaS) model and no associated data leak site (DLS) exists at this time," said the report.
Since its emergence in the middle of August 2022, ransomware has propagated throughout the networks of numerous corporate victims around the globe.
The ransomware terminates 39 processes linked with database servers and Microsoft Office apps. It targets publicly exposed Remote Desktop Services and exploits them to secure initial access to the target endpoints. In addition, the ransomware deletes event logs, Shadow Copy Volumes, and disables Data Execution Prevention on exploited endpoints.
Lucrative Target
Since the outbreak of Covid-19, the healthcare industry has been a lucrative target for malicious hackers. Hospitals operate multiple computers, printers, and internet-linked smart devices, generating thousands of sensitive files. These devices are sometimes outdated and improperly secured, making them a perfect candidate for an initial entry endpoint.
Moreover, with the Covid-19 pandemic filling up every last space in hospitals, overworked healthcare workers are an easy target to prey on with phishing and social engineering attacks.
Last month, government officials in the United States warned regarding multiple ransomware attacks targeting healthcare facilities nationwide. Warnings showed that the attackers are employing ransomware variants such as Maui and Zeppelin against healthcare and public health (HPH) institutions.
And in February, in a data breach report, debt management firm Professional Finance Corporation, Inc (PFC) revealed that 657 healthcare organizations were impacted by a Quantum ransomware attack.
To mitigate risks, security experts recommended healthcare organizations implement an email security solution, consider adding a banner to emails from external sources, disable hyperlinks in emails, and provide regular security awareness training to the employees.
