Nov 30, 2022
Author: Kaustubh Jagtap, Product Marketing Director, SafeBreach
The SafeBreach Platform has been updated with coverage for several newly discovered threats including novel malware and ransomware variants. SafeBreach customers can select and run these attacks from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threat and our coverage can be seen below.
This ransomware variant (also known as GOODGAME) has been active since August 2022 and has targeted victims worldwide. Threat actors leveraging Venus ransomware target publicly exposed Remote Desktop Services (RDP), including instances listening on non-standard TCP ports, to gain access to and encrypt Windows devices. Based on the information available, Venus ransomware attempts to terminate 39 processes associated with database servers and Microsoft Office applications. The ransomware deletes event logs and Volume Shadow Copies and disables Data Execution Prevention. When encrypting files, the ransomware uses the AES and RSA algorithms and appends the ‘.venus’ extension. In each encrypted file, a ‘goodgamer’ filemarker and other information are appended to the end of the file. Open-source reports indicate that initial ransom demands may start around 1 BTC, or less than USD $20,000. Samples in the wild have been observed contacting IP addresses in various countries, including the US, Great Britain, Denmark, France, Ireland, the Netherlands, Russia, and Japan.
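As an added example (not SafeBreach's code and not part of the original post), the following forensic triage helper walks a directory and flags files carrying the two encryption artifacts described above: the ‘.venus’ extension and the ‘goodgamer’ marker appended to the end of the file. The size of the trailing search window and the sample files are constructed assumptions, since the post does not give the exact footer layout.

```python
import tempfile
from pathlib import Path

MARKER = b"goodgamer"   # filemarker appended to each encrypted file (from the report)
EXTENSION = ".venus"    # extension appended to encrypted files (from the report)
TAIL_BYTES = 4096       # assumption: how far from the end of the file to look for the marker


def has_marker(path: Path, tail_bytes: int = TAIL_BYTES) -> bool:
    """True if the last tail_bytes of the file contain the 'goodgamer' marker."""
    size = path.stat().st_size
    with path.open("rb") as fh:
        fh.seek(max(0, size - tail_bytes))
        return MARKER in fh.read()


def triage_directory(root: Path) -> dict:
    """Classify every file under root by the two artifacts.

    Files with only one artifact (renamed but not marked, or marked but not
    renamed) get their own buckets so an analyst can review partially
    processed files separately from fully encrypted ones.
    """
    buckets = {"extension_and_marker": [], "marker_only": [], "extension_only": []}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        has_ext = p.suffix.lower() == EXTENSION
        marked = has_marker(p)
        if has_ext and marked:
            buckets["extension_and_marker"].append(p.name)
        elif marked:
            buckets["marker_only"].append(p.name)
        elif has_ext:
            buckets["extension_only"].append(p.name)
    return buckets


def demo() -> dict:
    """Build a constructed sample tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        # constructed samples: fully encrypted, clean, renamed-only, marked-only
        (root / "report.docx.venus").write_bytes(b"\x00" * 100 + MARKER + b"\x01" * 16)
        (root / "sub" / "notes.txt").write_bytes(b"plain text, untouched")
        (root / "sub" / "budget.xlsx.venus").write_bytes(b"\x02" * 50)
        (root / "db.bak").write_bytes(b"\x03" * 8000 + MARKER)
        return triage_directory(root)
```

Point `triage_directory` at a mounted image or share to get a quick inventory of affected files; the `marker_only` bucket is where files interrupted mid-rename would surface.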
SafeBreach Coverage of Venus Ransomware
The SafeBreach platform has been updated with the following attacks to ensure our customers can validate their security controls against the new ransomware variant.