US Health Dept warns of Venus ransomware targeting healthcare orgs

The U.S. Department of Health and Human Services (HHS) warned today that Venus ransomware attacks are also targeting the country's healthcare organizations.

In an analyst note issued by the Health Sector Cybersecurity Coordination Center (HC3), HHS' security team also mentions that it knows about at least one incident where Venus ransomware was deployed on the networks of a U.S. healthcare org.

However, there is no known data leak site that threat actors deploying Venus ransomware are known to use for publishing stolen data online, according to HC3's report.

"HC3 is aware of at least one healthcare entity in the United States falling victim to Venus ransomware recently," the report warns.

"The operators of Venus ransomware are not believed to operate as a ransomware-as-a-service (RaaS) model and no associated data leak site (DLS) exists at this time."

Dozens of victims since August

Venus Ransomware was first spotted in mid-August 2022 and has since been deployed across the networks of dozens of corporate victims worldwide.

The threat actors behind the Venus ransomware attacks are known for hacking into the victims' publicly-exposed Remote Desktop services to encrypt Windows devices.

Besides terminating database services and Office apps, the ransomware will also delete event logs, Shadow Copy Volumes, and disable Data Execution Prevention on compromised endpoints.

Since August, when it began operating, Venus ransomware has been relatively active, with new submissions being uploaded to ID Ransomware every day.

Ransomware targeting healthcare

U.S. federal authorities have warned about other ransomware operations targeting healthcare organizations across the United States this year.

Previous alerts include warnings of threat actors deploying Maui and Zeppelin ransomware payloads in attacks against Healthcare and Public Health (HPH) organizations.

A CISA, FBI, and HHS also warned last month that a cybercrime group known as Daixin Team is targeting the HPH sector in ongoing ransomware attacks.

Last but not least, full-service accounts receivables management company Professional Finance Company Inc (PFC) revealed in a data breach notification that a Quantum ransomware attack from late February led to a data breach impacting 657 healthcare organizations.

However, the attack could've had a much more significant impact since PFC helps thousands of U.S. healthcare, government, and utility organizations to ensure that their customers pay their invoices on time.