Healthcare Security Warning
The United States Department of Health and Human Services recently warned healthcare organizations that they are also at risk of being attacked by Venus ransomware.
The Health Sector Cybersecurity Coordination Center (HC3) released an analyst note that suggests the U.S. Department of Health and Human Services (HHS) is aware of at least one case where ransomware was deployed against a healthcare organization in the United States by using the Venus software application.
"We are sharing this information to provide visibility into the ongoing threat and increase awareness of the potential for increased targeting of the healthcare sector by this ransomware," says the note.
Venus is a relatively new ransomware-as-a-service (RaaS) operation that emerged in early 2020. The group behind it, known as REvil or Sodinokibi, has been active since at least April 2019.
REvil has been linked to high-profile ransomware attacks, including those against travel giant Travelex and law firms Grubman Shire Meiselas & Sacks and Cravath Swaine & Moore.
The HC3 note mentions that Venus ransomware is typically deployed through spam emails containing malicious attachments or links. Once executed, the malware will encrypt the victim's files and display a ransom note demanding payment in cryptocurrency in exchange for the decryption key.
Without paying the ransom, there is no known way to decrypt files encrypted by Venus ransomware. However, victims who have backups of their data can restore it from those backups.
HHS advises healthcare organizations to take steps to protect themselves from Venus ransomware and other attacks, such as patching systems and applications, using strong spam filters, and training staff on cybersecurity