Contact Us

On November 30, NetSPI Security Consultant, Derek Wilson, was featured in the IT Brew article called Stopping ‘Venus’ Ransomware Starts at Firewall Configuration. Read the preview below or view it online.

+++

Ransomware of the “Venus” variety has hit at least one hospital, leading the US Health Sector Cybersecurity Coordination Center (HC3) to remind security pros to lock down the attackers’ way in: Remote Desktop Services.

“As the ransomware appears to be targeting publicly-exposed Remote Desktop Services, even those running on non-standard TCP ports, it is vital to put these services behind a firewall,” reads an HC3 report from early November.

Microsoft’s Remote Desktop Protocol (RDP) enables remote connections to other computers, most frequently over TCP port 3389.

While adjusting the firewall for remote services may seem like a straightforward process—allow a few machines to use port 3389 and no one else—misconfigurations happen. To account for mistakes, network-level access control also calls for additional defenses, like penetration testing and detection analytics, according to industry pros who spoke with IT Brew.

Remote control. Like other employers who sent their workforces home in 2020, hospitals have remote-access scenarios requiring RDP. Maybe a vendor has to “remote in” to provide updates to some legacy equipment, which brings the device onto the internet, exposing it.

With enough time (and password tries), an attacker can guess the RDP login credentials and “talk” to the device.

Sophos survey in early 2022 found that 66% of surveyed healthcare organizations were hit by malware during the previous year, on par with the global average.

Venus ransomware appears to have begun operating in August 2022, hacking the RDP service to encrypt devices and terminate 39 processes associated with database servers and Microsoft Office applications, said the HC3 advisory.

While placing the RDP services behind a firewall is “vital,” according to HC3, mistakes happen.

  • A network engineer may intend to expose a device to the internet for only a short period of time…and then get distracted. “They forget about closing the hole that they poked to make this thing work,” said Derek Wilson, senior information security analyst at the penetration-testing company NetSPI.

You can read the full article at IT Brew!

Explore More News

NetSPI in the News | April 6, 2026

When AI Starts Taking Action, Security Needs to Think Differently

CIO Influence interviewed NetSPI's Field CISO, Nabil Hannan, for an April 6, 2026 article about how AI systems are evolving from generating outputs to taking autonomous actions, amplifying existing vulnerabilities and requiring organizations to adopt proactive security measures and robust governance to mitigate risks.

Learn More
NetSPI in the News | April 1, 2026

Minneapolis Cybersecurity Firm NetSPI Eyes $80M-Plus Acquisitions to Fuel AI Push

Minneapolis/St. Paul Business Jounral interviewed NetSPI's President and CEO, Aaron Shilts, for an April 1, 2026 article about NetSPI pursuing acquisitions to expand its AI capabilities, enhance customer offerings, and maintain sustainable growth among evolving industry demands.

Learn More
NetSPI in the News | March 31, 2026

March 31 is World Backup Day. Here’s How to Protect Your Data Now

Forbes interviewed NetSPI's Field CISO, Nabil Hannan, for a March 31, 2026 article about World Backup Day and the importance of protecting data.

Learn More