HomeRisk ManagementsELENOR-corp Ransomware Targets Healthcare Sector

ELENOR-corp Ransomware Targets Healthcare Sector

Published on

spot_img

A new variant of ransomware, called ELENOR-corp, has been making headlines recently due to its targeted attacks on the healthcare sector. This strain, identified as version 7.5 of the Mimic ransomware, comes equipped with a variety of advanced capabilities that are specifically designed to cause maximum damage and hinder recovery efforts.

One of the unique features of this latest iteration of the Mimic ransomware is its ability to maintain command-line access regardless of system restrictions. This allows attackers to execute remote commands without needing user credentials, thanks to the sticky keys bypass technique. Additionally, ELENOR-corp forcibly dismounts virtual drives to prevent hidden data storage, further complicating recovery efforts.

When deployed, the ransomware creates persistent registry entries and displays a ransom demand on the Windows login screen. Attackers can fine-tune encryption parameters using a GUI interface if .NET 4.0 is present. To avoid detection, the executable is obfuscated, making analysis difficult for security professionals.

However, what sets ELENOR-corp apart is its aggressive evidence tampering tactics. The ransomware deletes logs, file indexing histories, and registry entries, while also using fsutil commands to overwrite and delete its own binaries, making forensic recovery challenging. The malware even modifies power settings to disable sleep and hibernation modes, thereby increasing encryption speed.

To quickly spread across networks, ELENOR-corp allows for parallel RDP sessions and overrides restrictions on concurrent logins. It scans network shares, encrypting target shares while excluding some administrative shares. Additionally, the ransomware deletes Windows backup catalogs and Recycle Bin contents, making it difficult for victims to restore their data without extensive intervention.

Key techniques used by ELENOR-corp, as outlined in a recent advisory by Morphisec, include credential harvesting, RDP-based lateral movement, persistent file indexing, data exfiltration via web browsers, encryption of remote network shares, and destruction of system backups. To combat this threat, security researchers recommend enhancing RDP configurations with multifactor authentication, monitoring for forensic tampering, and maintaining offline backups.

In conclusion, ELENOR-corp represents a dangerous evolution in ransomware tactics, with its advanced capabilities posing a significant threat to organizations, particularly in the healthcare sector. As attackers continue to refine their techniques, it is crucial for businesses to stay vigilant, update their security measures, and have robust backup strategies in place to protect against such threats.

Source link

Latest articles

Check Point CTO Jonathan Zanger Envisions AI Enhancing Cybersecurity Value

Check Point Software CTO Discusses AI's Impact on Cybersecurity at Engage 2026 In a recent...

Cyber Briefing – July 10, 2026 – CyberMaterial

Cybersecurity Updates: Key Threats and Responses In recent developments within the cybersecurity landscape, multiple high-profile...

Sysdig Reveals the First Documented Agentic Ransomware Operation

Security researchers at Sysdig have unveiled what they propose as the inaugural case of...

FastNetMon Introduces Netomics, a Self-Hosted Routing Intelligence Platform

London, United Kingdom, July 10th, 2026, CyberNewswire In a significant development within the realm of...

More like this

Check Point CTO Jonathan Zanger Envisions AI Enhancing Cybersecurity Value

Check Point Software CTO Discusses AI's Impact on Cybersecurity at Engage 2026 In a recent...

Cyber Briefing – July 10, 2026 – CyberMaterial

Cybersecurity Updates: Key Threats and Responses In recent developments within the cybersecurity landscape, multiple high-profile...

Sysdig Reveals the First Documented Agentic Ransomware Operation

Security researchers at Sysdig have unveiled what they propose as the inaugural case of...