Tech & Innovation in Healthcare

Industry Notes:

Beware the Venus Ransomware Threat, Warns HC3

The Health Sector Cybersecurity Coordination Center (HC3) issued an Analyst Note on Nov. 9, 2022, regarding the Venus ransomware threat. The ransomware specifically targets publicly exposed Remote Desktop Services to encrypt Windows devices. Since it started operating in August 2022, the ransomware has claimed several victims around the world, including at least one healthcare entity in the United States.

Initial ransom demands are believed to start around 1 bitcoin (BTC), or less than $20,000. The Analyst Note also mentions that the Venus ransomware operators aren’t believed to operate the threat as ransomware-as-a-service (RaaS) and weren’t connected to a data leak site (DLS) at the time of the note.

“When executed, the Venus ransomware will attempt to terminate 39 processes associated with database servers and Microsoft Office applications,” according to the Analyst Note. The note also mentions that the ransomware will delete event logs and shadow copy volumes and disable data execution prevention.
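The three tampering behaviours described above (event log deletion, shadow copy deletion, disabling data execution prevention) can be watched for in process-creation logs. The following Python is an added example, not part of the HC3 Analyst Note or this article; the command-line patterns for standard Windows utilities, the host names, and the sample events are assumptions constructed for illustration, not indicators published by HC3.

```python
import re

# Behaviours named in the Analyst Note, mapped to command-line patterns for
# standard Windows utilities. The patterns are assumptions of this example,
# not indicators published by HC3.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"
        r"|\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I),
    "event_log_clearing": re.compile(
        r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b|\bClear-EventLog\b", re.I),
    "dep_disabled": re.compile(
        r"\bbcdedit(\.exe)?\b.*\bnx\s+AlwaysOff\b", re.I),
}

def classify(command_line):
    """Return the sorted list of rule names that match one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(command_line))

def triage(events, threshold=2):
    """Collect matches per host; return hosts showing >= threshold distinct behaviours."""
    per_host = {}
    for host, cmd in events:
        per_host.setdefault(host, set()).update(classify(cmd))
    return {h: sorted(b) for h, b in per_host.items() if len(b) >= threshold}

# Constructed process-creation events (host, command line), in the shape one
# might export from Windows Security event 4688 or Sysmon event 1.
# Not real telemetry.
SAMPLE_EVENTS = [
    ("FILESRV01", r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"),
    ("FILESRV01", r"wevtutil.exe cl Security"),
    ("FILESRV01", r"bcdedit.exe /set {current} nx AlwaysOff"),
    ("WKS-112", r"vssadmin.exe list shadows"),   # benign query, no match
    ("WKS-112", r"bcdedit /enum"),               # benign query, no match
    ("BACKUP02", r"wmic shadowcopy delete"),     # one behaviour: below threshold
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(hits)}")
```

Requiring two or more distinct behaviours on one host keeps routine administrative use of a single utility from raising an alert; lower `threshold` to 1 to review every match.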

HC3 recommends placing Remote Desktop Services, including those operating on nonstandard TCP ports, behind a firewall. The agency also suggests several mitigations for a ransomware attack including, but not limited to:

  • Maintaining offline data backups and implementing network segmentation
  • Installing updates and patches on operating systems, firmware, and software when they are released
  • Disabling unused ports
  • Enforcing multifactor authentication (MFA), placing RDP behind a virtual private network (VPN), and considering MFA for securing RDP access
  • Adopting National Institute of Standards and Technology (NIST) standards for creating and managing password policies
  • Requiring administrative credentials for installing software.