By Nermeen Nabil Khear 
- A new ransomware strain was seen targeting healthcare firms
- NailaoLocker targets are mostly located in Europe
- The encryptor was very basic, but still poses a threat
Healthcare organizations in Europe are being targeted by a never-before seen ransomware strain called NailaoLocker, experts have warned.
Cybersecurity researchers Orange Cyberdefense revealed the threat actors distributing NailaoLocker are most likely of Chinese origin. They are apparently abusing a high-severity vulnerability in Check Point Security Gateways to enumerate and extract password hashes for all local accounts.
The vulnerability is tracked as CVE-2024-24919, and was patched in May 2024.
Diversion
“Due to the fact all observed Check Point instances were still vulnerable at the time of their compromise, CVE-2024-24919 likely enabled the threat actors to retrieve user credentials and to connect to the VPN using a legitimate account,” Orange said.
The attackers would abuse this vulnerability to side-load a vulnerable DLL file, and use it to deploy ShadowPad and PlugX malware. These, in turn, would drop NailaoLocker and encrypt files on the victim computers.
The locker itself is apparently very basic, almost amateurish. Orange says it doesn’t kill security processes or running services, has no anti-debugging or sandbox evasion techniques, and doesn’t scan network shares. “Written in C++, NailaoLocker is relatively unsophisticated and poorly designed, seemingly not intended to guarantee full encryption,” Orange said.
That has fueled speculation that encryption is not the end goal of these campaigns. Instead, they could either be a way to divert attention from the actual goal, which is to steal sensitive data from the targets, or a way to earn a little money on the side, while at the same time achieving the true goal of cyber-espionage. However, Orange also said the targets were mostly healthcare organizations which are not exactly the usual targets for cyber-espionage.
The researchers don’t know for sure, therefore they’re not attributing this attack to any particular threat actor, at least not yet.
Via BleepingComputer
You might also like
- United Healthcare data breach may have affected 190 million Americans
- We’ve rounded up the best password managers
- Take a look at our guide to the best authenticator app
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.