The new Venus ransomware is encrypting Windows devices after compromising publicly exposed Remote Desktop services, BleepingComputer reports.
The threat actors behind Venus gain entry to corporate networks over the Windows Remote Desktop Protocol, and running the service on a non-standard port has not kept them out.
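The non-standard-port point deserves a concrete check: RDP is fingerprintable on any port, because a server answers an X.224 Connection Request with a Connection Confirm whether or not it listens on 3389. The following Python probe is an added example, not code from the article or from the Venus research it summarises. It builds the request as specified in MS-RDPBCGR, parses the server's RDP negotiation block, and reports whether Network Level Authentication (CredSSP) was selected, was required, or is absent. The host, port, cookie value and the embedded sample replies are constructed for this example.

```python
import socket
import struct

# requestedProtocols / selectedProtocol flags (MS-RDPBCGR 2.2.1.1.1 and 2.2.1.2.1)
PROTOCOL_RDP = 0x00000000       # legacy RDP security: no TLS, no NLA
PROTOCOL_SSL = 0x00000001       # TLS
PROTOCOL_HYBRID = 0x00000002    # CredSSP (NLA)
PROTOCOL_HYBRID_EX = 0x00000008

# failureCode values of RDP_NEG_FAILURE (MS-RDPBCGR 2.2.1.2.2)
FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested=PROTOCOL_SSL | PROTOCOL_HYBRID, cookie="probe"):
    """TPKT + X.224 Connection Request carrying an RDP_NEG_REQ structure."""
    token = f"Cookie: mstshash={cookie}\r\n".encode()           # routing token; value is arbitrary
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested)     # type, flags, length, requestedProtocols
    tpdu = bytes([0xE0, 0, 0, 0, 0, 0]) + token + neg_req         # CR TPDU code, dst-ref, src-ref, class 0
    tpdu = bytes([len(tpdu)]) + tpdu                              # X.224 length indicator
    return b"\x03\x00" + struct.pack(">H", 4 + len(tpdu)) + tpdu  # TPKT: version 3, reserved, total length


def parse_connection_confirm(data):
    """Classify a server reply; rdp=False for anything that is not an X.224 Connection Confirm."""
    if len(data) < 11 or data[0] != 0x03 or data[5] != 0xD0:
        return {"rdp": False, "nla": None, "detail": "not an X.224 Connection Confirm"}
    tpkt_len = struct.unpack(">H", data[2:4])[0]
    if tpkt_len > len(data):
        return {"rdp": False, "nla": None, "detail": "truncated TPKT"}
    li = data[4]
    result = {"rdp": True, "nla": None, "detail": "no RDP negotiation block (legacy RDP security only)"}
    if li >= 14 and len(data) >= 19:                              # 6 header bytes + 8-byte negotiation structure
        ntype, _flags, _nlen, value = struct.unpack("<BBHI", data[11:19])
        if ntype == 0x02:                                         # RDP_NEG_RSP
            result["nla"] = bool(value & (PROTOCOL_HYBRID | PROTOCOL_HYBRID_EX))
            result["detail"] = f"server selected protocol 0x{value:08x}"
        elif ntype == 0x03:                                       # RDP_NEG_FAILURE
            result["nla"] = value == 5
            result["detail"] = "negotiation failure: " + FAILURE_CODES.get(value, hex(value))
    return result


def probe_rdp(host, port, timeout=3.0):
    """Send one Connection Request to host:port and classify the reply; the port is irrelevant."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request())
        return parse_connection_confirm(sock.recv(1024))


# Hand-built server replies for offline use; not captured from a real host.
SAMPLE_NLA_SELECTED = bytes.fromhex("030000130ed000001234000200080002000000")
SAMPLE_NLA_REQUIRED = bytes.fromhex("030000130ed000001234000300080005000000")
SAMPLE_LEGACY_ONLY = bytes.fromhex("0300000b06d00000123400")
SAMPLE_NOT_RDP = b"SSH-2.0-OpenSSH_9.2\r\n"

if __name__ == "__main__":
    for name, reply in [("nla selected", SAMPLE_NLA_SELECTED), ("nla required", SAMPLE_NLA_REQUIRED),
                        ("legacy only", SAMPLE_LEGACY_ONLY), ("not rdp", SAMPLE_NOT_RDP)]:
        print(name, parse_connection_confirm(reply))
    # Live use against a host you own, on a non-standard port (assumed host and port):
    # print(probe_rdp("rdp.example.internal", 33890))
```

Run it against your own perimeter: any port that returns a Connection Confirm is a reachable RDP endpoint, however it was renamed in the firewall. A reply that selects HYBRID, or a HYBRID_REQUIRED_BY_SERVER failure, means NLA is enforced; a confirm with no negotiation block means the host still accepts legacy RDP security, which is the weakest posture the probe can report.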
On execution, Venus attempts to terminate 39 processes belonging to Microsoft Office applications and database services, then deletes event logs and Volume Shadow Copies and disables Data Execution Prevention.
Venus has also been observed to append a "goodgamer" file marker and additional data to each encrypted file.
The ransomware then writes an HTA ransom note to the %Temp% folder and displays it as soon as encryption of the device completes. The note contains a TOX address and an email address, along with a blob that appears to be an encrypted decryption key.
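The behaviours described above (shadow copies deleted, event logs cleared, DEP disabled, an HTA note written to %Temp%) make a better detection than the file marker, because they happen on the host before or alongside encryption and are shared with many ransomware families. The following Python is an added example, not code from the article or from the research it reports: it runs a few rules over constructed Sysmon-style event lines and alerts only when one host shows two or more distinct indicators, so that a lone administrator command does not fire. The article does not say which commands Venus uses for these actions, so the command-line patterns are assumptions covering the built-in Windows tools (vssadmin, wmic, wevtutil, bcdedit) that produce those effects; the event format, host names, paths and alert threshold are likewise invented for the example.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style ProcessCreate and FileCreate events, flattened to one key=value
# line each. Hand-written for this example; not telemetry from a Venus infection.
SAMPLE_EVENTS = r"""
ts=2022-11-20T03:11:02 host=WS07 event=ProcessCreate Image=C:\Windows\System32\vssadmin.exe CommandLine="vssadmin delete shadows /all /quiet"
ts=2022-11-20T03:11:03 host=WS07 event=ProcessCreate Image=C:\Windows\System32\wevtutil.exe CommandLine="wevtutil cl Security"
ts=2022-11-20T03:11:04 host=WS07 event=ProcessCreate Image=C:\Windows\System32\bcdedit.exe CommandLine="bcdedit /set {current} nx AlwaysOff"
ts=2022-11-20T03:11:09 host=WS07 event=FileCreate Image=C:\Users\jdoe\AppData\Local\Temp\svc.exe TargetFilename=C:\Users\jdoe\AppData\Local\Temp\README.hta
ts=2022-11-20T09:30:00 host=WS12 event=ProcessCreate Image=C:\Windows\System32\wevtutil.exe CommandLine="wevtutil qe Application /c:5"
ts=2022-11-20T09:41:15 host=SRV02 event=ProcessCreate Image=C:\Windows\System32\vssadmin.exe CommandLine="vssadmin list shadows"
"""

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# The article names the effects, not the commands; these patterns are an assumption that
# covers the built-in Windows tools that produce each effect.
COMMAND_RULES = [
    ("shadow_copy_deletion", re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete|Win32_ShadowCopy.*\bDelete\b", re.I)),
    ("event_log_clearing", re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\b|Clear-EventLog", re.I)),
    ("dep_disabled", re.compile(r"bcdedit(\.exe)?\b.*\bnx\s+AlwaysOff", re.I)),
]
# %Temp% is the user's AppData\Local\Temp, or C:\Windows\Temp when running as SYSTEM.
HTA_NOTE_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\[^\\]+\.hta$", re.I)


def parse_event(line):
    """Split one key=value line into a dict; quoted values may contain spaces."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def classify(event):
    """Return the list of indicator names a single event matches (usually empty)."""
    hits = []
    cmd = event.get("CommandLine", "")
    for name, pattern in COMMAND_RULES:
        if pattern.search(cmd):
            hits.append(name)
    if event.get("event") == "FileCreate" and HTA_NOTE_RE.search(event.get("TargetFilename", "")):
        hits.append("hta_note_in_temp")
    return hits


def analyse(text):
    """Map each host to the sorted set of distinct indicators seen on it."""
    per_host = defaultdict(set)
    for line in text.strip().splitlines():
        event = parse_event(line)
        for hit in classify(event):
            per_host[event.get("host", "?")].add(hit)
    return {host: sorted(hits) for host, hits in per_host.items()}


def alerts(text, threshold=2):
    """Hosts with at least `threshold` distinct indicator types. A lone hit (an admin listing
    shadow copies, a scripted log export) is noise; the combination is the ransomware signal."""
    return {host: hits for host, hits in analyse(text).items() if len(hits) >= threshold}


if __name__ == "__main__":
    for host, hits in alerts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(hits)}")
```

In the sample, only WS07 alerts: WS12's wevtutil query and SRV02's shadow-copy listing are benign and never match. In production the same rules map onto Sysmon event IDs 1 and 11 (or Security 4688 with command-line auditing enabled), and the host-level aggregation should be bounded by a time window rather than the whole input.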
Russia targeted by novel CryWiper malware
Attacks using the novel CryWiper data wiper, which poses as ransomware, have targeted Russian mayors' offices and courts, Kaspersky and the Russian news service Izvestia reported, according to Ars Technica.