New NailaoLocker ransomware used against EU healthcare orgs
Published on: 2025-07-12 18:00:00
A previously undocumented ransomware payload named NailaoLocker has been spotted in attacks targeting European healthcare organizations between June and October 2024.
The attacks exploited CVE-2024-24919, a Check Point Security Gateway vulnerability, to gain access to targeted networks and deploy the ShadowPad and PlugX malware, two families tightly associated with Chinese state-sponsored threat groups.
Orange Cyberdefense CERT links the attacks to Chinese cyber-espionage tactics, though there's not enough evidence to attribute them to specific groups.
NailaoLocker details
Orange's researchers report that NailaoLocker is a relatively unsophisticated ransomware strain compared to the most prominent families in the space.
Orange considers NailaoLocker rather basic because it does not terminate security processes or running services, lacks anti-debugging and sandbox-evasion mechanisms, and does not scan network shares.
"Written in C++, NailaoLocker is r