Skip to main content Link Menu Expand (external link) Document Search Copy Copied
DFIR Ransomware Project
Category Details References
Actors    
First Observed May 2021. Possible new variant/group active since August 2022 1
Threat Actors TBD  
Environment    
Platforms Windows 2
Artifacts    
Extensions .venus
.Ywkfistef
.anigma		 2
Ransomware Notes README.txt


README.html, README.hta
Also can change desktop wallpaper to ransom note		 2


3
Services It Disables Disables at least 39 named services 2
Other Observables TBD  
Automation    
Automatically Gains Access Not automated, typically accessed via RDP 1
Automatically Escalates Privileges No  
Requires Human Interaction No  
Automatic Exfiltration No  
Automatic Propagation No  

Please note, this page was last updated at 2023-03-14 20:21.

  1. https://www.bleepingcomputer.com/news/security/venus-ransomware-targets-publicly-exposed-remote-desktop-services/  2

  2. https://id-ransomware.blogspot.com/2021/05/venus-ransomware.html  2 3 4

  3. https://www.pcrisk.com/removal-guides/20896-venus-ransomware