Thanks for choosing Orange County Computer, Inc.

Sales: (949) 699-6619 | Support: (949) 699-6619 | 8am – 5pm Monday – Friday : Saturday by Appointment


Venus Ransomware: Secure Remote Desktop Access!


A relatively new piece of malware named “Venus” is making the rounds. According to MalwareHunterTeam, it first appeared in August, with additional attacks in September and October. Although it is recent, attackers are actively targeting networks and devices, and new submissions are uploaded daily requesting identification of the ransomware. Read on to learn more about Venus Ransomware and the preventative measures you can take against an attack.

Who or what does Venus Cryptoware target?

Threat actors behind this cryptovirus go after vulnerable devices running Remote Desktop Services. This is a component of Windows that allows users to remotely access another device as well as Windows applications. Systems that are publicly exposed or that have weak password protection are particularly at risk.

Venus Ransomware operators aren’t picky and go after devices regardless of whether they are in a home or office environment. Bleeping Computer mentions a victim on their forum who found their home network, external drives, and desktop all compromised. In this instance, the user left Remote Desktop Services running, allowing the PC to be accessed remotely. Remote Access on the computer was password-protected, but that was not enough to keep the attacker out. And although the victim had backup devices, there wasn’t a recent enough backup to recover from the damage that Venus had done.

What does a cybercriminal do once they’ve broken into a system?

After a Venus Cryptoware operator gains access to a device or network, the attacker stops 39 processes and services linked to database servers and Office applications. Stopping these may reduce the chances of built-in security interfering with the breach. The attacker also deletes event logs and shadow copies on the system. This prevents the victim from seeing the changes made to the system and from restoring from backups.

In addition, the attacker executes code to disable Data Execution Prevention. This security feature protects your system from viruses or other security threats. Disabling it allows Venus Ransomware to run its malicious code, encrypting files and data. The encryption process also adds the extension “.venus” to the end of file names (e.g., bird.jpg.venus). When Venus finishes encrypting the device, a ransom note automatically displays with warnings and a request for payment. To regain access, the victim of a Venus Cryptoware attack must pay the ransom, typically in the form of cryptocurrency. And that’s assuming the cybercriminal keeps their word and releases the files and data!
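The behaviors described above can be hunted for in process-creation logs and on disk. The following is an added example, not part of the original article: the article does not list the exact commands, so the patterns are assumptions based on Windows built-ins commonly used for these actions, and the function names and sample lines are constructed for illustration.

```powershell
# Added example. The patterns are assumptions: Windows built-ins commonly used
# for these actions, not commands listed in the article.
$Rules = [ordered]@{
    'Shadow copy deletion' = '\bvssadmin(\.exe)?\s+delete\s+shadows|\bwmic(\.exe)?\s+shadowcopy\s+delete'
    'Event log clearing'   = '\bwevtutil(\.exe)?\s+(cl|clear-log)\b|\bClear-EventLog\b'
    'DEP disabled'         = '\bbcdedit(\.exe)?\s+.*\bnx\s+AlwaysOff\b'
}

function Find-PreEncryptionActivity {
    # Returns one object per (command line, matched behaviour) pair.
    param([Parameter(Mandatory)][string[]]$CommandLine)
    foreach ($line in $CommandLine) {
        foreach ($name in $Rules.Keys) {
            if ($line -match $Rules[$name]) {
                [pscustomobject]@{ Behaviour = $name; CommandLine = $line }
            }
        }
    }
}

function Find-VenusRenamedFile {
    # Lists files whose final extension is ".venus" (e.g. bird.jpg.venus).
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.venus' } |
        Select-Object FullName, LastWriteTime
}

# Constructed sample command lines, in the form a process-creation log records them.
$sample = @(
    'C:\Windows\System32\vssadmin.exe delete shadows /all /quiet'
    'wevtutil.exe cl Security'
    'bcdedit.exe /set {current} nx AlwaysOff'
    'C:\Windows\System32\notepad.exe C:\Users\demo\notes.txt'
)
Find-PreEncryptionActivity -CommandLine $sample | Format-Table -AutoSize
```

Because the attacker clears local event logs, matching like this is only reliable when process-creation events are forwarded off the host as they occur.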

What can I do to prevent a Venus Ransomware Attack?

Make it difficult for a threat operator to access your systems via Remote Desktop Protocol! To protect yourself or your organization, do not leave Remote Desktop Services running. Lock down access with a strong password combined with multi-factor authentication. Have a strong firewall in place and make sure anti-malware software is installed. Set up a regular, secured backup as well, so that you always have something to fall back on.
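To check where a Windows machine stands against this advice, the read-only audit below reports whether RDP is enabled, whether Network Level Authentication is required, and whether the firewall accepts RDP from any address. It is an added example, not part of the original article; the function name is hypothetical, and the firewall group is matched by its English display name.

```powershell
# Added example: read-only audit of a Windows host's RDP exposure.
function Get-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"

    # fDenyTSConnections = 0 means incoming RDP connections are allowed.
    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
    $svc  = Get-Service -Name TermService

    # Enabled inbound allow rules in the built-in "Remote Desktop" group
    # (English display name; the group name is localized on other systems).
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

    # Rules whose remote address scope is "Any" accept RDP from every source.
    $openToAny = foreach ($r in $rules) {
        $addr = ($r | Get-NetFirewallAddressFilter).RemoteAddress
        if ($addr -contains 'Any') { "$($r.DisplayName) [$($r.Profile)]" }
    }

    $findings = @()
    if ($deny -eq 0)                 { $findings += 'RDP connections are enabled' }
    if ($deny -eq 0 -and $nla -ne 1) { $findings += 'Network Level Authentication is not required' }
    if ($openToAny)                  { $findings += "Firewall allows RDP from any address: $($openToAny -join '; ')" }

    [pscustomobject]@{
        RdpEnabled    = ($deny -eq 0)
        NlaRequired   = ($nla -eq 1)
        Port          = $port
        ServiceStatus = $svc.Status
        Findings      = $findings
    }
}

Get-RdpExposure | Format-List
```

Multi-factor authentication is enforced by a gateway, VPN, or identity provider rather than by these local settings, so it has to be verified separately.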

Let us help you take preventative measures!

At OC Cloud9, we proactively protect our client data by staying one step or more ahead of potential cyberattacks. Let’s protect you against Venus Ransomware and other cyberthreats! Our team is passionate about data security and protection. OC Cloud9 and Orange County Computer, Inc. have a proven track record of happy customers with smooth transitions into private cloud solutions. Our beginning-to-end process ensures your business needs are met through extensive research, design, and implementation of our cloud services.

Learn more about our solutions by visiting our website or speak with a member of our Cloud Solutions Team any time at our Orange County office by calling (949) 522-7709. Contact us today!

Tags: cybersecurity,  rdc,  rdp,  remote desktop connection,  remote desktop protocol,  venus cryptovirus,  venus cryptoware,  venus ransomware

Written by Nicole

Nicole is an Office Administrator at Orange County Computer and has been with the company since 2021.
