ELENOR-corp Ransomware Targets Healthcare Sector

Summary: A new ransomware variant called ELENOR-corp, identified as version 7.5 of the Mimic ransomware, has been targeting the healthcare sector with sophisticated tactics aimed at enhancing damage and complicating recovery. This strain features advanced capabilities including data exfiltration, persistent access, and aggressive evidence tampering, posing serious risks to affected organizations. Security experts recommend adopting better RDP configurations and maintaining offline backups to mitigate the threat.

Affected: Healthcare sector

Key points:

  • ELENOR-corp ensures command-line access through the sticky keys bypass technique and effectively dismounts virtual drives to prevent hidden data storage.
  • The ransomware implements evidence tampering by deleting logs and overwriting its own binaries, limiting forensic recovery efforts.
  • It employs aggressive propagation techniques including parallel RDP sessions and backup deletion strategies to hinder data restoration for victims.
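
A defender-side triage sketch for two of the behaviours listed above (the sticky keys bypass and log deletion), added here as an example and not taken from the article or from any vendor tooling. The page does not say how ELENOR-corp sets up the bypass or clears logs; the example assumes the common Image File Execution Options `Debugger` form of the bypass, Sysmon event IDs 1 and 13, and the Windows log-cleared events 1102 and 104. The host names, field names and events are constructed.

```python
from collections import defaultdict

# Accessibility binaries reachable from the logon screen (sticky keys and relatives).
ACCESSIBILITY = ("sethc.exe", "utilman.exe", "osk.exe", "magnify.exe", "narrator.exe")
IFEO_TARGETS = tuple(
    f"\\image file execution options\\{b}\\debugger" for b in ACCESSIBILITY)
SHELLS = ("\\cmd.exe", "\\powershell.exe")

# Constructed sample events with simplified field names; not from a real incident.
EVENTS = [
    {"host": "ws-01", "channel": "Sysmon", "id": 13,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
                     r"\Image File Execution Options\sethc.exe\Debugger"},
    {"host": "ws-01", "channel": "Security", "id": 1102},
    {"host": "ws-02", "channel": "Sysmon", "id": 1,
     "ParentImage": r"C:\Windows\System32\winlogon.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-03", "channel": "System", "id": 104},
    {"host": "ws-03", "channel": "Sysmon", "id": 13,
     "TargetObject": r"HKLM\SOFTWARE\Example\Setting"},
]

def classify(ev):
    """Return a finding label for one event, or None if it is not of interest."""
    key = (ev["channel"], ev["id"])
    if key == ("Sysmon", 13):  # registry value set
        if ev.get("TargetObject", "").lower().endswith(IFEO_TARGETS):
            return "accessibility-debugger-set"
    elif key == ("Sysmon", 1):  # process creation
        parent = ev.get("ParentImage", "").lower()
        if parent.endswith("\\winlogon.exe") and ev.get("Image", "").lower().endswith(SHELLS):
            return "shell-from-logon-screen"
    elif key in (("Security", 1102), ("System", 104)):  # event log cleared
        return "event-log-cleared"
    return None

def triage(events):
    """Group findings per host; hosts with log clearing plus another finding sort first."""
    per_host = defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label:
            per_host[ev["host"]].add(label)
    return sorted(((h, sorted(s)) for h, s in per_host.items()),
                  key=lambda x: ("event-log-cleared" not in x[1] or len(x[1]) < 2, x[0]))

if __name__ == "__main__":
    for host, labels in triage(EVENTS):
        print(host, labels)
```

Because the ransomware is reported to delete logs on the host, rules like these only help when events are forwarded to a central collector before they can be cleared locally.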

Source: https://www.infosecurity-magazine.com/news/elenor-corp-ransomware-targets/