HomeRisk ManagementsELENOR-corp Ransomware Targets Healthcare Sector

ELENOR-corp Ransomware Targets Healthcare Sector

Published on

spot_img

A new variant of ransomware, called ELENOR-corp, has been making headlines recently due to its targeted attacks on the healthcare sector. This strain, identified as version 7.5 of the Mimic ransomware, comes equipped with a variety of advanced capabilities that are specifically designed to cause maximum damage and hinder recovery efforts.

One of the unique features of this latest iteration of the Mimic ransomware is its ability to maintain command-line access regardless of system restrictions. This allows attackers to execute remote commands without needing user credentials, thanks to the sticky keys bypass technique. Additionally, ELENOR-corp forcibly dismounts virtual drives to prevent hidden data storage, further complicating recovery efforts.

When deployed, the ransomware creates persistent registry entries and displays a ransom demand on the Windows login screen. Attackers can fine-tune encryption parameters using a GUI interface if .NET 4.0 is present. To avoid detection, the executable is obfuscated, making analysis difficult for security professionals.

However, what sets ELENOR-corp apart is its aggressive evidence tampering tactics. The ransomware deletes logs, file indexing histories, and registry entries, while also using fsutil commands to overwrite and delete its own binaries, making forensic recovery challenging. The malware even modifies power settings to disable sleep and hibernation modes, thereby increasing encryption speed.

To quickly spread across networks, ELENOR-corp allows for parallel RDP sessions and overrides restrictions on concurrent logins. It scans network shares, encrypting target shares while excluding some administrative shares. Additionally, the ransomware deletes Windows backup catalogs and Recycle Bin contents, making it difficult for victims to restore their data without extensive intervention.

Key techniques used by ELENOR-corp, as outlined in a recent advisory by Morphisec, include credential harvesting, RDP-based lateral movement, persistent file indexing, data exfiltration via web browsers, encryption of remote network shares, and destruction of system backups. To combat this threat, security researchers recommend enhancing RDP configurations with multifactor authentication, monitoring for forensic tampering, and maintaining offline backups.

In conclusion, ELENOR-corp represents a dangerous evolution in ransomware tactics, with its advanced capabilities posing a significant threat to organizations, particularly in the healthcare sector. As attackers continue to refine their techniques, it is crucial for businesses to stay vigilant, update their security measures, and have robust backup strategies in place to protect against such threats.

Source link

Latest articles

Government Launches Cyber Resilience Pledge with Over 60 Signatories

The UK government has announced that over 60 businesses have officially joined a new...

SindriKit 1.3.0 Exploits Call Stack Spoofing to Evade EDR Detection

SindriKit 1.3.0: A Major Leap in Evasion Techniques Against EDR Systems The recent release of...

The Evolving Role of the CISO as the Future CFO

The Pressing Question of Cybersecurity Assurance: Is the CISO Role Sustainable? In the fast-evolving landscape...

Why the Gentlemen Ransomware Challenges Identity and Recovery Controls

Emerging Threat: The Gentlemen Ransomware Group Targeting Enterprises Globally A recent report by cybersecurity firm...

More like this

Government Launches Cyber Resilience Pledge with Over 60 Signatories

The UK government has announced that over 60 businesses have officially joined a new...

SindriKit 1.3.0 Exploits Call Stack Spoofing to Evade EDR Detection

SindriKit 1.3.0: A Major Leap in Evasion Techniques Against EDR Systems The recent release of...

The Evolving Role of the CISO as the Future CFO

The Pressing Question of Cybersecurity Assurance: Is the CISO Role Sustainable? In the fast-evolving landscape...