The U.S. Department of Health and Human Services (HHS) has warned healthcare organizations across the United States about an impending wave of cyberattacks using the Venus ransomware. The warning followed the recent compromise of an unnamed healthcare organization.
According to a report from the Health Sector Cybersecurity Coordination Center, nothing appeared on the darknet after the attack that could point to who was responsible. Experts believe the Venus operators work under a ransomware-as-a-service (RaaS) model and currently have no site of their own where victims are listed.
The Venus ransomware was discovered in mid-August 2022 and quickly spread around the world. After infecting a victim, the malware is known to terminate 39 processes associated with database servers and Microsoft Office applications. In addition, it attempts to use Remote Desktop services to gain access to target endpoints. A distinctive Venus feature is that it deletes logs and Shadow Copy volumes and disables Data Execution Prevention.
To reduce the risk of Venus infection, information security specialists recommend that healthcare organizations deploy email protection solutions, add banners to emails from external sources, disable hyperlinks in emails, and regularly train employees in the basic principles of information hygiene and cybersecurity.
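The post-infection behaviour described above (log removal, shadow copy deletion, disabling Data Execution Prevention) can be hunted in process-creation telemetry. The Python sketch below is an added example, not part of the original report: the command-line patterns are generic Windows utility invocations assumed for illustration rather than Venus indicators from the advisory, and the sample events and host names are constructed.

```python
import re
from collections import defaultdict

# Generic command-line patterns for the three behaviours named in the article.
# Assumption: built-in Windows utilities; these are not Venus-specific IoCs.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "log_clearing": re.compile(
        r"wevtutil(\.exe)?\s+(cl|clear-log)\b|\bClear-EventLog\b", re.I),
    "dep_disabled": re.compile(
        r"bcdedit(\.exe)?\s+/set\s+(\{\w+\}\s+)?nx\s+AlwaysOff", re.I),
}

def classify(command_line):
    """Return the sorted behaviour tags matched by one process command line."""
    return sorted(tag for tag, rx in RULES.items() if rx.search(command_line))

def correlate(events, window_seconds=300, min_behaviours=2):
    """events: iterable of (epoch_seconds, host, command_line).
    Returns {host: [tags]} for hosts showing at least min_behaviours
    distinct behaviours inside one time window."""
    hits = defaultdict(list)
    for ts, host, cmd in events:
        for tag in classify(cmd):
            hits[host].append((ts, tag))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            tags = {t for ts, t in seen[i:] if ts - start <= window_seconds}
            if len(tags) >= min_behaviours:
                alerts[host] = sorted(tags)
                break
    return alerts

# Constructed sample telemetry (hypothetical hosts, not real log data).
SAMPLE_EVENTS = [
    (1000, "ws-01", r"C:\Windows\System32\vssadmin.exe list shadows"),  # benign query
    (1010, "db-02", "vssadmin.exe delete shadows /all /quiet"),
    (1015, "db-02", "bcdedit.exe /set {current} nx AlwaysOff"),
    (1020, "db-02", "wevtutil cl Security"),
    (5000, "ws-03", "wevtutil.exe cl Application"),  # one behaviour only
]

if __name__ == "__main__":
    for host, tags in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(tags)}")
```

Requiring two or more distinct behaviours on one host within a short window keeps routine administrative use of a single utility from raising an alert.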