Third-Party Threats Pose Problems for Healt …

The healthcare industry has been taking quite a hit when it comes to ransomware attacks over the last few months, and the Department of Health and Human Services (HHS) is issuing a warning for all healthcare organizations to be aware to the Venus ransomware operators are targeting remote desktop services, according to Healthcare Dive.

The Venus ransomware began operating in mid-August, according to the article, and has gone after systems across the world.

HC3 [HHS’ Health Sector Cybersecurity Coordination Center] said the Venus ransomware “will attempt to terminate 39 processes associated with database servers and Microsoft Office applications,” according to the article. Organizations can protect from these attacks by putting publicly exposed remote desktop services behind a firewall.

“Also known as Goodgame, the ransomware uses algorithms to encrypt files and will append the “.venus” extension. In each encrypted file, a “goodgamer” file marker and other information are added to the end of the file,” the article stated.

Malwarebytes reported that the ransom note stated:

““We downloaded and encrypted your data. Only we can decrypt your data. IMPORTANT! If you, your programmers or your friends would try to help you to decrypt the files it can cause data loss even after you pay. In this case we will not be able to help you. Do not play with files. Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price or you can become a victim of a scam.”

In their post on the topic, Malwarebytes suggests that this ransomware approach is comparable to that of a typical remote desktop attack.

“It seems these attacks very much follow the typical Remote Services/Remote Desktop Protocol (RDP) gameplan. Break into the network via insecure access, stop processes and services according to the whims of the ransomware authors, and then encrypt the desired files. Confused people on the network will now find their filenames end with the .venus extension, and additional file markers with no currently obvious purpose placed inside the encrypted files.”

Learn more about what Malwarebytes is doing at the Minneapolis Cybersecurity Conference on Dec. 1, 2022.  Register now — space is limited. 

These threats have been well-documented, as the American Hospital Association issued a warning earlier this year extolling the virtues of preparedness, after 55% of healthcare organizations were found to have had a third-party data breach.

John Riggi, one of Data Connectors’ featured speakers and the national advisor for cybersecurity and risk, posted a blog in October citing the rising threats.

“Given that one of the cyberattacks targeting a nationwide mission-critical third party this year impacted 650 health care clients by itself, the allure of third-party targets is crystal clear. This rampant risk exposure of third- and fourth-parties has cascading ramifications for both patients and health care organizations,” Riggi wrote in his post.

He cited the value of implementing an up-to-date risk management program with four key strategies:

1. Take a hard and objective look at your existing TPRM program framework.
2. Implement third-party risk-based controls and cyber insurance requirements based on identified risk levels.
3. Consistently and clearly communicate third-party risk management policies, procedures and requirements internally.
4. Prepare intensively for incident response and recovery.