Summary: A new ransomware variant called Elysium, linked to the Ghost ransomware family, targets critical sectors such as healthcare and government. The attackers exploit outdated applications to gain access and deploy various tools to execute a multi-stage attack. Elysium disrupts recovery efforts by targeting backups and encrypting files with a specific extension while demanding a ransom in Monero for decryption.
Affected: Organizations in critical infrastructure, healthcare, and government sectors
Keypoints:
- Elysium employs a multi-stage attack chain, utilizing tools such as Cobalt Strike and Mimikatz.
- The ransomware targets backup services and modifies system statuses to impede recovery efforts.
- Files are encrypted with AES-256, and a ransom note demands payment in Monero for the decryption key.