URL: https://www.malwarebytes.com/blog/news/2022/10/venus-ransomware-targets-remote-desktop-services

News


VENUS RANSOMWARE TARGETS REMOTE DESKTOP SERVICES

Posted: October 20, 2022 by Christopher Boyd

We take a look at reports of Venus ransomware targeting exposed remote desktop
services (RDP).

It's time for another tale of remote desktop disaster, as a newish strain of
ransomware carves out a name for itself. Bleeping Computer reports that the
operators behind Venus ransomware are breaking in through "publicly exposed
Remote Desktop services", with the aim of encrypting every Windows device they
can reach. Venus has been active since at least August 2022 and has become
considerably more visible in recent weeks.




VENUS BRINGS BAD REMOTE TIDINGS

These attacks very much follow the typical Remote Services/Remote Desktop
Protocol (RDP) playbook: get in through an exposed or weakly protected remote
access service, stop whichever processes and services the ransomware authors
have chosen to kill, and then encrypt the desired files. Bewildered users on the
network will then find their filenames ending in the .venus extension, with
additional file markers, of no currently obvious purpose, placed inside the
encrypted files.

The incredibly overt ransom note, which is somewhat difficult to read given it
sports white text on a bright orange background, reads as follows:

"We downloaded and encrypted your data. Only we can decrypt your data.
IMPORTANT! If you, your programmers or your friends would try to help you to
decrypt the files it can cause data loss even after you pay. In this case we
will not be able to help you. Do not play with files. Do not rename encrypted
files. Do not try to decrypt your data using third party software, it may cause
permanent data loss. Decryption of your files with the help of third parties may
cause increased price or you can become a victim of a scam."

You know, as opposed to being the victim of this scam instead.


A RISK WHETHER AT HOME OR IN THE OFFICE

Bleeping Computer notes that one victim made several posts on its forum about
being hit by this particular slice of ransomware. The individual found their
home network under attack: external drives were compromised, and a PC elsewhere
in the house being used as a server received the same treatment.

In this case, the entry point was RDP left running as a way to access a
computer remotely. The victim notes that RDP was password protected, but it
seems the password was not enough on its own. That, combined with the timeless
classic of owning backup devices but never getting round to actually backing
up, proved to be a dreadful combination.


TIPS FOR AVOIDING THE RDP TO RANSOMWARE PIPELINE

RDP continues to be a sore point for networks at home and in the office alike.
A password alone may not be enough, as we have just seen to devastating effect
for one unlucky individual.

If you're running Windows 11, you'll be pleased to know that Microsoft is taking
action to shore up one of the ways attackers use RDP to break in: recent builds
enable an account lockout policy by default, limiting the number of failed
login attempts, as per our article from back in July. If you're interested in
locking down your RDP in other ways, we have a long list of tactics for you to
try out. The full list of tricks and tips from March can be seen here. Some of
the key actions you should consider taking right now include:

 * Use multifactor authentication for your RDP access. Attackers may crack or
   guess your password, but without the second factor to hand they're going to
   find it a lot harder to get in.
 * Rate limiting (or account lockout) may now be somewhat redundant if you're
   using Windows 11, given the recent security changes, but on older systems it
   slows down the speed at which attackers can keep guessing your login.
 * Place your RDP behind a VPN, but make sure you focus on keeping the VPN login
   secure, as this is now your new point of access. Use multifactor
   authentication for that login too, and ensure any email address tied to the
   account is similarly protected. If you can apply rate limiting to the VPN
   login as well, so much the better.
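
The checks behind those tips, as an added example that is not part of the
original post and not a Malwarebytes tool: a PowerShell script, run from an
elevated session on the Windows host that listens for RDP, that reports whether
the listener is on, whether Network Level Authentication is required, what the
account lockout threshold is (the control Windows 11 now turns on by default),
which source addresses the built-in Remote Desktop firewall rules admit, and
which remote addresses have been hammering the box with failed logons in the
last day. A second function applies the hardening. Multifactor authentication
for RDP needs a gateway or third-party agent and is not covered here. The
`10.8.0.0/24` range is an assumption standing in for your VPN client subnet;
every cmdlet, registry value and event ID used is a standard Windows one.

```powershell
# Added example (not from the Malwarebytes post): audit and harden the RDP
# exposure points the article's tips cover, on the local Windows host.
# Run in an elevated PowerShell session.
$ManagementSubnet = '10.8.0.0/24'   # ASSUMPTION: replace with your VPN client range

function Get-RdpHardeningReport {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    # 1. Is the listener on at all? fDenyTSConnections=1 means RDP is disabled.
    $rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0

    # 2. Network Level Authentication: the client must authenticate before it
    #    gets a session, so the unauthenticated logon screen is never exposed.
    $nla = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1

    # 3. Account lockout threshold ("Never" on many older builds).
    $threshold = [string]((net accounts) -match '^Lockout threshold' -replace '.*:\s*', '')

    # 4. Source addresses the Remote Desktop firewall rules accept.
    #    "Any" is the whole internet if the host is port-forwarded or exposed.
    $remote = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True |
              Get-NetFirewallAddressFilter |
              Select-Object -ExpandProperty RemoteAddress -Unique

    [pscustomobject]@{
        RdpEnabled          = $rdpEnabled
        NlaRequired         = $nla
        LockoutThreshold    = $threshold.Trim()
        AllowedSourceRanges = ($remote -join ', ')
    }
}

function Set-RdpHardening {
    param([string]$AllowFrom = $ManagementSubnet)
    $tcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    Set-ItemProperty -Path $tcp -Name UserAuthentication -Value 1   # require NLA
    Set-ItemProperty -Path $tcp -Name SecurityLayer      -Value 2   # TLS, not legacy RDP security
    # Lock out after 10 bad guesses for 10 minutes, counted over a 10 minute window.
    net accounts /lockoutthreshold:10 /lockoutduration:10 /lockoutwindow:10 | Out-Null
    # Scope the built-in Remote Desktop rules to the VPN/management range only.
    Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $AllowFrom
}

function Get-RdpBruteForceSources {
    param([int]$Hours = 24, [int]$MinFailures = 5)
    # Event 4625 = failed logon. With NLA on, failed RDP logons are recorded as
    # logon type 3 (network) rather than 10 (RemoteInteractive), so count both.
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
      ForEach-Object {
        $d = ([xml]$_.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            Ip   = ($d | Where-Object Name -eq 'IpAddress').'#text'
            Type = ($d | Where-Object Name -eq 'LogonType').'#text'
            User = ($d | Where-Object Name -eq 'TargetUserName').'#text'
        }
      } |
      Where-Object { $_.Type -in '3','10' } |
      Group-Object Ip |
      Where-Object Count -ge $MinFailures |
      Sort-Object Count -Descending |
      Select-Object @{n='SourceIp';e={$_.Name}}, Count,
                    @{n='Usernames';e={($_.Group.User | Select-Object -Unique) -join ','}}
}

Get-RdpHardeningReport
Get-RdpBruteForceSources
# Review the report first, then apply:  Set-RdpHardening -AllowFrom '10.8.0.0/24'
```

Run the two report functions before changing anything. If `LockoutThreshold`
reads `Never` and `AllowedSourceRanges` reads `Any` on a machine that is
reachable from the internet, you are in the same position as the forum victim
above, password or not. After `Set-RdpHardening` the listener still answers,
but only from the VPN range, only after NLA, and only for ten guesses at a time.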

Stay safe out there!



ABOUT THE AUTHOR

Christopher Boyd
Lead Malware Intelligence Analyst

Former Director of Research at FaceTime Security Labs. He has a very particular
set of skills. Skills that make him a nightmare for threats like you.
