Venus is targeting the healthcare sector in the USA. HC3 cybersecurity experts: the ransomware operators attack publicly exposed Remote Desktop Services, even on non-standard TCP ports, to encrypt Windows devices.
Venus (aka GOODGAME) is ransomware targeting the healthcare sector in the United States. The Health Sector Cybersecurity Coordination Center (HC3) issued a warning to organizations in the country following a recent breach against a provider. The threat actors behind the malware are known to target publicly exposed Remote Desktop Services, even those running on non-standard TCP ports, to encrypt Windows devices. The ransomware deletes event logs and Shadow Copy Volumes and disables Data Execution Prevention using the following command. When encrypting files, Venus uses AES and RSA algorithms and will append the ‘.venus’ extension. In each encrypted file, a ‘goodgamer’ filemarker and other information are added to the end of the file.
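
For incident triage, the two file indicators described above can be checked together. The following is an added example, not code from HC3 or from this article: it walks a directory tree and classifies files by the ‘.venus’ extension and the ‘goodgamer’ marker. The function names are hypothetical, and since the article gives no offset or encoding for the marker, the 4096-byte tail window and the ASCII byte match are assumptions.

```python
import os
import tempfile
from pathlib import Path

MARKER = b"goodgamer"   # filemarker named in the article (ASCII encoding assumed)
EXTENSION = ".venus"    # extension appended to encrypted files
TAIL_BYTES = 4096       # assumption: no offset is given, so scan a tail window


def tail_has_marker(path, tail_bytes=TAIL_BYTES):
    """Return True if the marker occurs in the last tail_bytes of the file."""
    with open(path, "rb") as fh:
        size = fh.seek(0, os.SEEK_END)
        fh.seek(max(0, size - tail_bytes))
        return MARKER in fh.read().lower()


def triage(root):
    """Walk root and classify files by the two indicators: {path: verdict}."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                marked = tail_has_marker(path)
            except OSError:
                findings[path] = "unreadable"       # locked or permission denied
                continue
            ext = name.lower().endswith(EXTENSION)
            if ext and marked:
                findings[path] = "encrypted"        # both indicators agree
            elif marked:
                findings[path] = "marker-only"      # possibly renamed afterwards
            elif ext:
                findings[path] = "extension-only"   # empty, truncated or look-alike
    return findings


def demo():
    """Run triage over constructed sample files (not real ransomware output)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "report.docx.venus": b"\xaa" * 8192 + b"goodgamer" + b"\x00" * 64,
            "renamed.bin": b"\xaa" * 512 + b"goodgamer",
            "empty.venus": b"",
            "clean.txt": b"quarterly numbers\n",
        }
        for name, data in samples.items():
            (Path(root) / name).write_bytes(data)
        return {os.path.basename(p): v for p, v in triage(root).items()}
```

Files reported as "marker-only" or "extension-only" deserve manual review, since only one of the two indicators matched.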