Recently, Hold Security researchers gained visibility into discussions among members of two ransomware groups: the Cl0p ransomware group (thought to have originated from the TA505 group) and a relatively new ransomware group known as Venus. These actors are conspiring to attack the healthcare sector and executives of organizations, specifically in the U.S.

Revelations about Venus

Venus’s latest scheme revolves around framing executives employed at public companies for insider trading.
  • It edits one or more email inbox files at a victim firm to insert messages discussing trades made on the company’s non-public information.
  • It tricks the potential victim into believing that these files were created on his computer and threatens him with the publication or release of these records.
  • Experts stated that the attackers can plant emails in inboxes by editing Microsoft Outlook .pst files taken from a compromised system.

Revelations about Cl0p

Cl0p ransomware members are targeting healthcare organizations that provide consultations over the internet and sending them booby-trapped medical records for a supposed patient.
  • In this method, they send doctors or nurses infected files disguised as ultrasound images or other medical documents for a patient seeking a remote consultation on issues such as cardiovascular disease, cirrhosis, or fibrosis of the liver.
  • The discussions revealed that Cl0p members haven’t claimed as many victims. However, they bragged twice about successfully infiltrating new victims in the healthcare industry.

Conclusion

The insights from the discussions between these group members speak volumes about their collaborative effort to take down specific targets for financial gain. While Cl0p operators are frequently changing malware and driving global trends in criminal malware distribution, Venus is making its presence felt globally. Organizations are recommended to train their employees and staff to identify and respond to phishing emails and avoid falling into such traps.
Cyware Publisher