• Remote desktop services targeted by devious ransomware

    From TechnologyDaily@1337:1/100 to All on Mon Oct 17 15:45:03 2022
    Remote desktop services targeted by devious ransomware

    Date:
    Mon, 17 Oct 2022 14:36:59 +0000

    Description:
    Venus ransomware encrypting important files and demanding Bitcoin in exchange for the decryption key.

    FULL STORY ======================================================================

    Publicly exposed Remote Desktop services are being abused to deploy new ransomware onto target endpoints, researchers are saying.

    A cybersecurity researcher going by the name linuxct recently reached out to MalwareHunterTeam to try and learn more about a ransomware strain they discovered called Venus.

    The team later found that the ransomware operators had been active since mid-August 2022, targeting victims across the world by gaining access to a corporate network through the Windows Remote Desktop protocol, even when an organization uses an unusual port number for the service.

    Hiding behind a firewall

    The best way to protect against such attacks, researchers concluded, is to put these services behind a firewall. What's more, Remote Desktop Services shouldn't be publicly exposed, and would ideally be accessible only through a Virtual Private Network (VPN).

    As for Venus ransomware, the modus operandi is nothing out of the ordinary for this type of malware. Once network mapping, endpoint identification, and other reconnaissance work is done, the malware will kill 39 processes used by database servers and Office applications. Event logs and shadow copy volumes would get deleted, Data Execution Prevention would get disabled, and all files would be encrypted to carry the .venus extension.

    Finally, the ransomware would create a ransom note, demanding payment in cryptocurrencies in exchange for the decryption key. Venus would usually demand payment in bitcoin, and the latest information points to the group demanding 0.02 BTC, or approximately $380, for the decryption key.

    The end of the ransom note holds a base64-encoded blob, which researchers believe is most likely the encrypted decryption key, and new submissions are being uploaded to ID Ransomware daily.

    Last year, there was another ransomware strain using the same encrypted file extension, but researchers are not sure if it's the same ransomware variant or not.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/remote-desktop-services-targeted-by-devious-ransomware/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)
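
The behaviours the story lists for Venus (shadow copies and event logs deleted, Data Execution Prevention disabled, files renamed to .venus) are individually noisy but telling when they cluster on one host. The following per-host correlation is an added example, not part of the original story; the command-line patterns for standard Windows utilities, the window, the threshold and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Behaviours named in the story, mapped to command-line patterns for the
# standard Windows utilities that perform them (patterns are assumptions).
BEHAVIOURS = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "event_log_clearing": re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\b", re.I),
    "dep_disabled": re.compile(r"bcdedit(\.exe)?\s+/set\s+\S+\s+nx\s+alwaysoff", re.I),
    "venus_extension": re.compile(r"\.venus\b", re.I),
}
WINDOW_SECONDS = 600  # assumed correlation window
MIN_BEHAVIOURS = 3    # assumed alert threshold

# Constructed sample telemetry: (epoch seconds, host, command line or file path)
SAMPLE_EVENTS = [
    (1000, "FS01", r"vssadmin.exe delete shadows /all /quiet"),
    (1005, "FS01", r"bcdedit.exe /set {current} nx AlwaysOff"),
    (1010, "FS01", r"wevtutil.exe cl Security"),
    (1060, "FS01", r"C:\Shares\finance\q3.xlsx.venus"),
    (1200, "WS07", r"vssadmin.exe list shadows"),      # benign admin query
    (1300, "WS07", r"wevtutil.exe cl Application"),    # single behaviour only
    (9000, "DB02", r"bcdedit /set {default} nx AlwaysOff"),
    (50000, "DB02", r"wmic shadowcopy delete"),        # far outside the window
]

def classify(text):
    return {name for name, rx in BEHAVIOURS.items() if rx.search(text)}

def correlate(events, window=WINDOW_SECONDS, minimum=MIN_BEHAVIOURS):
    """Return {host: sorted behaviours} for hosts showing at least `minimum`
    distinct behaviours inside any `window`-second span."""
    per_host = defaultdict(list)
    for ts, host, text in sorted(events):
        for name in classify(text):
            per_host[host].append((ts, name))
    alerts = {}
    for host, hits in per_host.items():
        for i, (start, _) in enumerate(hits):
            seen = {n for t, n in hits[i:] if t - start <= window}
            if len(seen) >= minimum:
                alerts[host] = sorted(seen)
                break
    return alerts

if __name__ == "__main__":
    for host, found in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(found)}")
```

Requiring several distinct behaviours in a short window keeps routine administration, such as a single log clear, from alerting on its own.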