ELENOR-corp Ransomware: A New Mimic Ransomware Variant Attacking the Healthcare Sector
ID: 6f91a6ff-8462-5763-ae8d-01c71828fdc9
STIX ID: report--6f91a6ff-8462-5763-ae8d-01c71828fdc9
Feed Name: Morphisec Blog
Morphisec investigated a March 2025 ransomware incident in which a new Mimic v7.5 variant (ELENOR-corp) targeted a healthcare organization. The report describes initial access via a persistent Python-compiled Clipper used for credential harvesting and reentry, extensive lateral movement using RDP and tools like Mimikatz, data exfiltration to Mega.nz, sophisticated persistence, and anti-forensics (DACL manipulation, shadow copy deletion, IFEO tampering). It also provides file/IP hashes and C2 IOCs to aid detection and response.
