Venus/GOODGAME Ransomware Targets US Health Organizations

Well, it seems like 2022 is the year of the out-of-this-world ransomware: Venus. Threat actors are using this dangerous malware to encrypt victims' files worldwide and, recently, those of several health organizations in the US.


Ever since August 2022, the Venus ransomware has been relatively active. Now, the group behind it has its eyes set on the healthcare sector in the United States. In just two months, cybercriminals were able to upgrade the ransomware, making it as aggressive as ever.

This GOODGAME variant is dangerous, but what is it after? Is it a ransomware-as-a-service? Find out in the following comprehensive article.

Venus Ransomware: Not a GOODGAME for the US Healthcare Sector

Ransomware attacks have become pretty common, especially since the beginning of 2022. Apparently, no company, regardless of its industry, is safe.

Whether it’s a new variant like 0Mega or an old remodeled one like Ursnif (Gozi), we can’t help but say that such attacks are at a new high. Unfortunately, most of them are succeeding.

The Venus ransomware saw the light back in August 2022, and it has already caused cyber mayhem among companies. Now, it’s back with a new variant to target health organizations in the United States. Here’s what the Health Sector Cybersecurity Coordination Center (HC3) had to say about it:

“When executed, the Venus ransomware will attempt to terminate 39 processes associated with database servers and Microsoft Office applications.

As the ransomware appears to be targeting publicly-exposed Remote Desktop services, even those running on non-standard TCP ports, it is vital to put these services behind a firewall.”

Apparently, this is just the beginning of a much bigger process. As we mentioned, the Venus ransomware underwent some upgrades to become the very aggressive GOODGAME.

This variant is capable of causing a lot of damage, as described in the statement issued by the HC3:

“The ransomware will also delete event logs, Shadow Copy Volumes, and disable Data Execution Prevention using the following command.

When encrypting files, the ransomware uses AES and RSA algorithms and will append the ‘.venus’ extension. In each encrypted file, a ‘goodgamer’ filemarker and other information are added to the end of the file.”

In the US, the Venus ransomware hasn’t been spreading much, at least not yet. However, according to HC3, at least one US healthcare entity has fallen victim to its operations.

Healthcare entities should have ransomware recovery plans in place as the ransom fee is not cheap. Cybercriminals’ demands have been known to start at 1 Bitcoin (BTC) or less than $20,000.
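For incident triage, the two file-level indicators in the HC3 statement above (the ‘.venus’ extension and a ‘goodgamer’ marker near the end of each encrypted file) can be checked with a short script. This is an added example, not code from HC3 or from the original article; the 512-byte tail window, the ASCII encoding of the marker, and the sample file names are assumptions.

```python
import os
import tempfile

MARKER = b"goodgamer"   # file marker named in the HC3 statement (ASCII assumed)
EXTENSION = ".venus"    # extension named in the HC3 statement
TAIL_BYTES = 512        # assumption: how far back from end-of-file to search
KINDS = {(True, True): "both", (True, False): "extension_only",
         (False, True): "marker_only"}  # keyed by (has_ext, has_marker)


def tail_has_marker(path, window=TAIL_BYTES):
    """True/False if MARKER is in the last `window` bytes; None if unreadable."""
    try:
        with open(path, "rb") as fh:
            # seek() returns the file size; step back at most `window` bytes
            fh.seek(max(0, fh.seek(0, os.SEEK_END) - window))
            return MARKER in fh.read()
    except OSError:
        return None


def scan(root):
    """Classify every file under `root` by the two indicators."""
    hits = {k: [] for k in [*KINDS.values(), "unreadable"]}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            has_ext = name.lower().endswith(EXTENSION)
            has_marker = tail_has_marker(path)
            kind = "unreadable" if has_marker is None else KINDS.get((has_ext, has_marker))
            if kind:  # files matching neither indicator are not reported
                hits[kind].append(path)
    return hits


def build_constructed_sample(root):
    """Write harmless, constructed test files (not real ransomware output)."""
    samples = {
        "report.docx.venus": b"\x00" * 2048 + b"goodgamer" + b"\x01" * 40,
        "notes.txt": b"meeting notes mentioning goodgamer early" + b" " * 4096,
        "empty.venus": b"",
        "restored.xlsx": b"\x02" * 100 + b"goodgamer",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(scan(tmp))
```

Files that match both indicators are the strongest signal; extension-only and marker-only hits are worth a manual look because files may have been renamed or truncated after the fact.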

GOODGAME Ransomware – Healthier than Ever

No matter what organization you’re running, you always have to remain vigilant and employ security best practices to fend off such ransomware incidents.

Unlike regular malware, this won’t just cost you your sensitive information; it’ll cost you a lot of money. Threat actors are not messing around, and neither should you. Stay safe.
