Healthcare entities have been subjected to intrusions involving the novel Mimic ransomware variant dubbed "ELENOR-corp" that features advanced data theft and anti-analysis capabilities, according to Infosecurity Magazine.
Aside from obtaining command-line access for credential-less remote command execution and disconnecting virtual drives, the heavily obfuscated ELENOR-corp establishes persistent registry entries and permits parallel RDP sessions to accelerate compromise across networks, a report from Morphisec revealed. ELENOR-corp also uses Python-compiled clipper malware to steal credentials before deploying Netscan and Mimikatz for RDP-based lateral movement, and the Edge browser for data exfiltration, the researchers said. The ransomware then conceals its activity by erasing not only logs, file-indexing histories and registry entries but also the Windows backup catalog and the Recycle Bin, which significantly complicates data restoration. Organizations have been urged to mitigate the threat by enforcing multi-factor authentication on RDP, maintaining offline backups, and monitoring for forensic tampering.
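The "track forensic tampering" advice above is easier to act on with a concrete check. The following is an added example, not code from Morphisec, Infosecurity Magazine or the ransomware operators: a small detector that flags the anti-forensic behaviours attributed to ELENOR-corp (event-log clearing, backup-catalog deletion, Recycle Bin wiping) in exported Windows event records. The event shape (plain dicts), the hostnames and the sample events are constructed here; the assumption that the operators use built-in tooling such as wevtutil and wbadmin for cleanup is mine, since the report excerpt does not say how the logs and catalog are erased. Event IDs 1102 (Security log cleared), 104 (event log cleared, System channel) and 4688 (process creation) are standard Windows IDs.

```python
"""
Added example: detect anti-forensic cleanup of the kind attributed to
ELENOR-corp (log clearing, backup catalog deletion, Recycle Bin wipe).

Assumptions (not from the report): events are dicts with 'host', 'channel',
'event_id' and, for 4688, 'command_line'; cleanup is done with built-in
Windows tooling (wevtutil, wbadmin, rd/Remove-Item).
"""
import re
from dataclasses import dataclass

# Command-line patterns for assumed cleanup tooling (case-insensitive).
BACKUP_CATALOG_DELETE = re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\bcatalog\b", re.I)
EVENTLOG_CLEAR = re.compile(r"\bwevtutil(\.exe)?\b.*\b(cl|clear-log)\b", re.I)
RECYCLE_BIN_WIPE = re.compile(r"(rd|rmdir|remove-item).*\$recycle\.bin", re.I)


@dataclass(frozen=True)
class Alert:
    host: str
    rule: str
    detail: str


def detect_tampering(events):
    """Return one Alert per event that matches a tampering rule, in input order."""
    alerts = []
    for ev in events:
        host = ev.get("host", "?")
        eid = ev.get("event_id")
        channel = ev.get("channel", "")
        if eid == 1102 and channel == "Security":
            # Security log cleared; the subject is whoever issued the clear.
            alerts.append(Alert(host, "security_log_cleared", ev.get("subject_user", "?")))
        elif eid == 104 and channel == "System":
            # Any other event log cleared (logged to the System channel).
            alerts.append(Alert(host, "event_log_cleared", ev.get("log_name", "?")))
        elif eid == 4688:
            # Process creation; needs 'Include command line in process
            # creation events' enabled, otherwise command_line is empty.
            cmd = ev.get("command_line", "")
            if BACKUP_CATALOG_DELETE.search(cmd):
                alerts.append(Alert(host, "backup_catalog_deleted", cmd))
            elif EVENTLOG_CLEAR.search(cmd):
                alerts.append(Alert(host, "eventlog_clear_command", cmd))
            elif RECYCLE_BIN_WIPE.search(cmd):
                alerts.append(Alert(host, "recycle_bin_wiped", cmd))
    return alerts


def hosts_with_tampering(events):
    """Sorted, de-duplicated list of hosts that raised at least one alert."""
    return sorted({a.host for a in detect_tampering(events)})


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-01", "channel": "Security", "event_id": 4624, "subject_user": "nurse1"},
    {"host": "ws-01", "channel": "Security", "event_id": 4688,
     "command_line": "wbadmin.exe delete catalog -quiet"},
    {"host": "ws-01", "channel": "Security", "event_id": 4688,
     "command_line": "wevtutil.exe cl Security"},
    {"host": "ws-01", "channel": "Security", "event_id": 1102, "subject_user": "admin"},
    {"host": "ws-01", "channel": "System", "event_id": 104, "log_name": "System"},
    {"host": "ws-02", "channel": "Security", "event_id": 4688, "command_line": "notepad.exe"},
    {"host": "ws-02", "channel": "Security", "event_id": 4688,
     "command_line": "cmd.exe /c rd /s /q C:\\$Recycle.Bin"},
]

if __name__ == "__main__":
    for a in detect_tampering(SAMPLE_EVENTS):
        print(f"{a.host}: {a.rule}: {a.detail}")
```

The ordering of the rules matters in practice: the 1102 and 104 events are written by the system when a log is cleared and survive the clear itself (they are the first entries of the fresh log), so they are the most reliable signal; the 4688 command-line matches only fire if process command-line auditing is enabled and the log has not yet been wiped, which is why alerting should be forwarded off-host as soon as it is generated.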