2025-02-22 10:44:12 Pacfic
NailaoLocker Ransomware Targets Healthcare - 1d
A new ransomware strain called NailaoLocker has been identified targeting European healthcare organizations between June and October 2024. The ransomware is delivered through ShadowPad and PlugX backdoors, after attackers exploit vulnerabilities in VPNs to gain access to targeted networks. These backdoors have been linked to Chinese state-sponsored threat groups, raising concerns about the origin and sophistication of the attacks.
Orange Cyberdefense CERT investigated incidents and observed the threat actor leveraging both ShadowPad and PlugX. The campaign, tracked as Green Nailao, impacted several European organizations, including those in the healthcare sector. While Orange Cyberdefense doesn't attribute this campaign to a known threat group, they assess with medium confidence that the threat actors align with typical Chinese intrusion sets, noting somewhat similar TTPs and payloads publicly mentioned by other DFIR teams.
ImgSrc: mnwa9ap4czgf-u1335.pressidiumcdn.com
References:
- CyberInsider - NailaoLocker Ransomware Uses VPN Flaw to Attack Healthcare Orgs - 1d
- DataBreaches.Net - Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors - 1d
- Security Affairs - NailaoLocker ransomware targets EU healthcare-related entities - 1d
- www.bleepingcomputer.com - A previously undocumented ransomware payload named NailaoLocker has been spotted in attacks targeting European healthcare organizations between June and October 2024. - 1d
- cyberinsider.com - NailaoLocker Ransomware Uses VPN Flaw to Attack Healthcare Orgs - 1d
- The Hacker News - China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware - 1d
- @VirusBulletin - Meet NailaoLocker, a ransomware distributed in Europe by ShadowPad & PlugX backdoors - 21h
- Check Point Blog - Patch Now: Check Point Research Explains Shadow Pad, NailaoLocker, and its Protection - 14h
- Talkback Resources - European healthcare organizations targeted by Green Nailao campaign using PlugX, ShadowPad, and NailaoLocker ransomware, exploiting Check Point security flaw for initial access and employing various t - 5h
- blog.checkpoint.com - Check Point Research Explains Shadow Pad, NailaoLocker, and its Protection A newly identified threat activity cluster leveraged the already-patched Check Point vulnerability CVE-2024-24919 (fixed in M - 1h
Classification:
- HashTags: Ransomware Healthcare NailaoLocker
- Company: European Healthcare
- Target: European healthcare organizations
- Attacker: NailaoLocker
- Product: Ransomware
- Feature: VPN Flaw
- Type: Ransomware
- Severity: Major