A relatively new ransomware group has been observed attacking publicly exposed Remote Desktop (RDP) services, including those running on non-standard ports.

Named Venus Ransomware, the group terminates a number of legitimate Windows processes before encrypting the target system, and it also deletes the Windows event logs and Volume Shadow Copies to hinder data recovery and cover its tracks.
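The two pre-encryption steps described above, shadow-copy deletion and event-log clearing, are a detectable pattern regardless of which ransomware family runs them. The block below is an added example, not code from this article or from the Venus actors, showing simple detection logic over constructed Windows event records. The event shapes (a Sysmon-style process-creation record with a `command_line` field, and Security/System records with event IDs 1102 and 104 for a cleared log) and the specific commands matched (vssadmin, wmic, wbadmin, bcdedit, wevtutil) are assumptions based on well-known living-off-the-land behaviour; the article does not state which commands Venus itself executes.

```python
"""Added example (not from the article or from Venus): flag hosts that show
the recovery-inhibition pattern of shadow-copy deletion plus event-log clearing
in Windows event records. All record shapes and sample data are constructed."""
import re
from collections import defaultdict

# Command-line rules for destructive, recovery-inhibiting commands. These are
# assumed common LOLBin patterns, not commands attributed to Venus by the article.
DESTRUCTIVE_CMD_RULES = [
    ("shadow_copy_delete", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("shadow_copy_delete", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("shadow_copy_delete", re.compile(r"win32_shadowcopy\b.*\bdelete\b", re.I)),
    ("backup_catalog_delete", re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\bcatalog\b", re.I)),
    ("recovery_disabled", re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\b\s+no\b", re.I)),
    ("event_log_cleared", re.compile(r"\bwevtutil(\.exe)?\b\s+(cl|clear-log)\b", re.I)),
]

# Windows event IDs written when a log is cleared: Security 1102, System 104.
LOG_CLEARED_EVENT_IDS = {1102, 104}

# Constructed sample records. Assumed fields: host, event_id (int), command_line.
SAMPLE_EVENTS = [
    # ws01: the full pattern, as Sysmon-style process-creation records (EID 1)
    # followed by the Security log actually being cleared (EID 1102).
    {"host": "ws01", "event_id": 1, "command_line": "vssadmin delete shadows /all /quiet"},
    {"host": "ws01", "event_id": 1, "command_line": "wmic.exe shadowcopy delete"},
    {"host": "ws01", "event_id": 1, "command_line": "bcdedit /set {default} recoveryenabled No"},
    {"host": "ws01", "event_id": 1, "command_line": "wevtutil cl Security"},
    {"host": "ws01", "event_id": 1102, "command_line": ""},
    # srv02: one backup-maintenance command and a harmless listing, nothing else.
    {"host": "srv02", "event_id": 1, "command_line": "vssadmin list shadows"},
    {"host": "srv02", "event_id": 1, "command_line": "wbadmin delete catalog -quiet"},
    # ws03: benign activity only.
    {"host": "ws03", "event_id": 1, "command_line": r"C:\Windows\explorer.exe"},
]


def classify_event(event):
    """Return the rule tag an event matches, or None if it is not destructive."""
    if event.get("event_id") in LOG_CLEARED_EVENT_IDS:
        return "event_log_cleared"
    cmd = event.get("command_line", "")
    for tag, pattern in DESTRUCTIVE_CMD_RULES:
        if pattern.search(cmd):
            return tag
    return None


def hosts_matching(events, min_distinct_tags=2):
    """Group tagged events per host and return the hosts showing at least
    min_distinct_tags different destructive behaviours. Requiring more than
    one distinct tag separates the ransomware pattern from a lone admin
    running a single shadow-copy or backup command."""
    per_host = defaultdict(set)
    for ev in events:
        tag = classify_event(ev)
        if tag:
            per_host[ev["host"]].add(tag)
    return {host: sorted(tags) for host, tags in per_host.items()
            if len(tags) >= min_distinct_tags}


if __name__ == "__main__":
    for host, tags in hosts_matching(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(tags)}")
```

With the sample data only ws01 is reported; srv02 carries a single destructive tag and is not, which is the intended trade-off between catching the pattern and paging on every scheduled `wbadmin` run. In a real deployment the same rules would run against Sysmon or EDR telemetry, and the event-log-cleared rule is the one that survives even if the attacker uses a command the regexes do not know, because clearing a log writes event 1102 or 104 by design.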

Venus Ransomware Modus Operandi

As first noted by a security analyst and later reported by BleepingComputer, a new ransomware group named Venus, which began operating in August 2022, has been targeting publicly exposed Remote Desktop systems.

@malwrhunterteam Hey, do you have any details about ‘Venus’ ransomware (not VenusLocker, extension is .venus instead of .venusf). Infection happened via RDP. Can give more details in DM if wanted. — linuxct (@linuxct) October 6, 2022