Venus Ransomware Attacks Healthcare Organizations

Category: Ransomware News | Industry: Healthcare | Level: Strategic | Source: HHS

The Venus ransomware group (aka GOODGAME) is recognized by the U.S. Department of Health and Human Services (HHS) to be actively targeting healthcare organizations. At least one US healthcare entity has been compromised by Venus ransomware since the group emerged in August 2022. Current knowledge of the group is limited however from initial observations, the ransomware group does not possess a data leak site nor are they identified to operate as a ransomware-as-a-service (RaaS) model. "Despite this, the ransomware uses a wide variety of contact email addresses and TOX IDs, indicating it is likely multiple threat actors are distributing the ransomware." Operators for the group target open remote desktop services including any "running on non-standard TCP ports." When the ransomware executes it exhibits the same behaviors as most encryptors of deleting shadow copies to inhibit system recovery and deleting windows events logs. Files are encrypted with a '.venus' extension along with the additional data to the end of the file such as a 'goodgamer' filemarker. Healthcare organizations have been a prime target for threat actors. Other ransomware groups deploying Maui and Zeppelin are also known to be targeting healthcare organizations.

‍