HHS cybersecurity center warns of new ransomware threat

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) warns that Venus ransomware operators are targeting remote desktop services to encrypt Windows devices. At least one health organization in the United States has been hit by the threat, HC3 says. The warning comes on the heels of an extensive ransomware attack in October at CommonSpirit Health. Venus is the latest in a wave of threats HHS has sounded the alarm over in the past year. Cyber threats to third parties, such as medical device suppliers and supply chain vendors, are also skyrocketing, the American Hospital Association has warned. The Venus ransomware will attempt to terminate 39 processes associated with database servers and Microsoft Office applications.

To shield against such attacks, it is vital to put publicly exposed remote desktop services behind a firewall, HC3 says. Furthermore, HC3 suggests enterprises develop a recovery plan to save multiple copies of data and servers in a separate location, segregate networks and password-protect offline backups, and update antivirus software and operating systems, software, and firmware. The research recommends adding a banner to emails from outside the organization, removing unused ports and URLs in received emails, imposing multi-factor authentication, adopting NIST standards for password policies, and rate limiting to delay attackers’ login guessing.

Source: Healthcare Dive