New NailaoLocker ransomware used against EU healthcare orgs

Orange has shared several hypotheses for the attacks, including false flag operations meant to distract, strategic data theft operations doubled with revenue generation, and, more likely, a Chinese cyberespionage group "moonlighting" on the side to earn some money. The reason why Orange sees NailaoLocker as a rather basic ransomware is that, it does not terminate security processes or running services, it lacks anti-debugging and sandbox evasion mechanisms, and does not scan network shares. Compared to North Korean actors who are known to pursue multiple goals in parallel, including financial gains via ransomware attacks, Chinese state-backed actors haven't followed this approach, so the shift in tactics is concerning. Investigating deeper, Orange says they found some overlap between the content of the ransom note and a ransomware tool sold by a cybercrime group named Kodex Softwares (formerly Evil Extractor). The attacks exploited CVE-2024-24919, a Check Point Security Gateway vulnerability, to gain access to targeted networks and deploy the ShadowPad and PlugX malware, two families tightly associated with Chinese state-sponsored threat groups. Orange's researchers report that NailaoLocker is a relatively unsophisticated ransomware strain compared to the most prominent families in the space. A previously undocumented ransomware payload named NailaoLocker has been spotted in attacks targeting European healthcare organizations between June and October 2024. Only last week, Symantec reported about suspected Emperor Dragonfly (a.k.a. Bronze Starlight) operatives deploying RA World ransomware against Asian software firms and demanding a ransom of $2 million. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Orange Cyberdefense CERT links the attacks to Chinese cyber-espionage tactics, though there's not enough evidence to attribute them to specific groups. The ransom note does not indicate that data was stolen, which is odd for most modern ransomware operations. "Written in C++, NailaoLocker is relatively unsophisticated and poorly designed, seemingly not intended to guarantee full encryption," mentions Orange.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 20 Feb 2025 08:20:17 +0000

Cyber News related to New NailaoLocker ransomware used against EU healthcare orgs

Cybersecurity in the Healthcare Industry: Protecting Patient Data - In the rapidly advancing era of technology, the healthcare industry faces a critical challenge: protecting patient data from cyber threats. This article will emphasize the significance of cybersecurity in the healthcare industry and explore the ...
1 year ago Securityzap.com

Why healthcare data is often the target of ransomware attacks - Healthcare data in recent years has been a very lucrative target for cyberattacks, particularly ransomware, with attackers holding healthcare information, and potentially patient lives, for ransom. Cybercriminals are increasingly focusing on ...
8 months ago Techtarget.com

New NailaoLocker ransomware used against EU healthcare orgs - Orange has shared several hypotheses for the attacks, including false flag operations meant to distract, strategic data theft operations doubled with revenue generation, and, more likely, a Chinese cyberespionage group "moonlighting" on the side to ...
1 day ago Bleepingcomputer.com

Best Cloud Security Providers for Healthcare Services - Cloud Security Providers for Healthcare offer specialized services to protect data and applications hosted in cloud environments. When picking a cloud security providers for healthcare, it's important to think about things like how well they follow ...
1 year ago Cybersecuritynews.com

The Imperative for Robust Security Design in the Health Industry - COMMENTARY. In an era dominated by digital innovation and technological advancements, healthcare companies find themselves at the intersection of immense opportunity and equally unprecedented risk. The digitalization of patient records, electronic ...
1 year ago Darkreading.com

Ransomware's appetite for US healthcare sees known attacks double in a year - Following the February 21 attack on Change Healthcare, scores of people in the US have been living with the brutal, real-world effects of ransomware. It has also created skyrocketing pharmacy bills, pushed some healthcare providers to the edge of ...
11 months ago Malwarebytes.com

Unveiling the true cost of healthcare cybersecurity incidents - As healthcare organizations increasingly rely on interconnected systems, electronic health records, and telemedicine, the industry becomes a prime target for malicious actors seeking to exploit vulnerabilities. The consequences of a cybersecurity ...
1 year ago Helpnetsecurity.com

Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com

Norton Healthcare discloses data breach after May ransomware attack - Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. Norton Healthcare serves adult and pediatric patients in more than 40 clinics and ...
1 year ago Bleepingcomputer.com

Changing How Healthcare Works: Big News in Communication - In a pivotal transformation within the healthcare industry, a prominent shift is currently unfolding. Direct Secure Messaging has emerged as a game-changer, modernising the way vital information is shared among healthcare providers, pharmacies, and ...
1 year ago Cysecurity.news

US govt probes if ransomware gang stole Change Healthcare data - The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group subsidiary Optum, which operates the Change Healthcare platform, in late ...
11 months ago Bleepingcomputer.com

Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
11 months ago Bleepingcomputer.com

Cybersecurity Management Lessons from Healthcare Security Breaches - 2024 looks like it will only increase the number of affected individuals considering the scale of ransomware attacks from the first half of the year in the USA, Canada, and Australia. Unusual activity detected on May 8, 2024, caused Ascension ...
8 months ago Esecurityplanet.com

HHS to investigate UnitedHealth and ransomware attack on Change Healthcare - The U.S. Department of Health and Human Services is launching an investigation into the ransomware attack on Change Healthcare following weeks of disruption to healthcare and billing operations at hospitals, clinics and pharmacies across the country. ...
11 months ago Therecord.media

Transforming in the Age of Healthcare Digitalization - Healthcare and technology increasingly intersect in today's world, and cybersecurity has become a primary concern for many companies. The recent attack on Change Healthcare serves as a harsh reminder of the vulnerabilities facing the healthcare ...
7 months ago Cyberdefensemagazine.com

Health Care Network in Crisis: Cyberattack Shuts Down Operations Across US - In a statement released Thursday evening by Ascension Hospital, a nonprofit network based in St. Louis with 140 hospitals across 19 states, it was also reported that electronic health records, some phone systems, as well as several systems used to ...
9 months ago Cysecurity.news

The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
9 months ago Bleepingcomputer.com

The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com

Ransomware gang starts leaking alleged stolen Change Healthcare data - The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. In February, Change ...
10 months ago Bleepingcomputer.com

Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com

China-linked hackers target European healthcare orgs in suspected espionage campaign | The Record from Recorded Future News - A previously unknown hacking group has been spotted targeting European healthcare organizations using spyware linked to Chinese state-backed hackers and a new ransomware strain, researchers said. The hackers, dubbed Green Nailao, deployed ShadowPad ...
14 hours ago Therecord.media

The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com

New NailaoLocker Ransomware Attacking European Healthcare - European healthcare organizations are facing a sophisticated cyber threat from a newly identified ransomware strain called NailaoLocker, deployed as part of a campaign tracked as Green Nailao by Orange Cyberdefense CERT. The Green Nailao campaign ...
19 hours ago Cybersecuritynews.com

Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com

Best Network Security Providers for Healthcare - The exponential growth of Electronic Health records, telemedicine, and interconnected medical devices creates a complex healthcare ecosystem demanding robust network security. Network security providers specializing in healthcare offer a ...
9 months ago Cybersecuritynews.com

Latest Cyber News

Ukrainian hackers claim breach of Russian loan company linked to Putin’s ex-wife | The Record from Recorded Future News - 16 minutes ago
Black Basta is latest ransomware group to be hit by leak of chat logs | The Record from Recorded Future News - 2 hours ago
CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits - 7 hours ago
Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors - 8 hours ago
SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix - Cyber Security News - 8 hours ago
Chinese Hackers Using New Bookworm Malware In Attacks Targeting Southeast Asia - 9 hours ago
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - 11 hours ago
New Active Directory Pentesting Tool For KeyCredentialLink Management - 11 hours ago
Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub - 13 hours ago
China-linked hackers target European healthcare orgs in suspected espionage campaign | The Record from Recorded Future News - 14 hours ago
CVE-2025-27097 - 18 hours ago
CVE-2025-27098 - 18 hours ago
Apiiro unveils free scanner to detect malicious code merges - 18 hours ago
Black Basta ransomware gang's internal chat logs leak online - 18 hours ago
CVE-2025-0352 - 19 hours ago
CVE-2025-1265 - 19 hours ago
CVE-2025-24893 - 19 hours ago
CVE-2025-25299 - 19 hours ago
Ivanti Endpoint Manager Vulnerabilities Proof-of-Concept (PoC) Exploit Released - 19 hours ago
New NailaoLocker Ransomware Attacking European Healthcare - 19 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Ukrainian hackers claim breach of Russian loan company linked to Putin’s ex-wife | The Record from Recorded Future News - 16 minutes ago
Black Basta is latest ransomware group to be hit by leak of chat logs | The Record from Recorded Future News - 2 hours ago
CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits - 7 hours ago
Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors - 8 hours ago
SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix - Cyber Security News - 8 hours ago
Chinese Hackers Using New Bookworm Malware In Attacks Targeting Southeast Asia - 9 hours ago
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - 11 hours ago
New Active Directory Pentesting Tool For KeyCredentialLink Management - 11 hours ago
Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub - 13 hours ago
China-linked hackers target European healthcare orgs in suspected espionage campaign | The Record from Recorded Future News - 14 hours ago
CVE-2025-1272 - 2 days ago
CVE-2025-27090 - 1 day ago
CVE-2023-51305 - 1 day ago
CVE-2024-10339 - 1 day ago
CVE-2024-37359 - 1 day ago
CVE-2024-37360 - 1 day ago
CVE-2024-5705 - 1 day ago
CVE-2024-5706 - 1 day ago
CVE-2025-21355 - 1 day ago
CVE-2025-24989 - 1 day ago