European healthcare organizations

Between June and October 2024, European healthcare entities were targeted by the NailaoLocker ransomware as part of the Green Nailao campaign. The attackers exploited a zero-day flaw, CVE-2024-24919, in Check Point VPN appliances to gain unauthorized access. The ransomware, which exhibited poor design and a lack of sophisticated features, encrypted files, appended a '.locked' extension, and demanded a ransom payable in Bitcoin. The ransom note gave no indication of data theft. The threat actors, potentially linked to Chinese APTs, used ShadowPad and PlugX malware for lateral movement and persistence, with motives ranging from espionage to financial gain. The attack disrupted healthcare services and may have put patient data at risk, although the full extent of the damage remains undisclosed.

Source: https://securityaffairs.com/174440/malware/nailaolocker-ransomware-targets-eu-healthcare-related-entities.html

"id": "eur000022125",
"linkid": "european-public-health-alliance",
"type": "Ransomware",
"date": "2/2025",
"severity": "100",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"