Ransomware Tracker (Entry #258): NailaoLocker
ID: 4c4cbe36-91a3-50a2-9875-e03e4cac3910
STIX ID: report--4c4cbe36-91a3-50a2-9875-e03e4cac3910
Feed Name: WatchGuard Secplicity Blog
WatchGuard summarizes research on the Green Nailao campaign (June–October 2024), which exploited a critical Check Point zero-day (CVE-2024-24919) to infiltrate networks, primarily in European healthcare. The actors used PlugX and ShadowPad for persistence and exfiltration and deployed NailaoLocker ransomware (AES-256-CTR, ".locked"), with ransom contact via ProtonMail. The research attributes the activity to China-based actors and reports victims across Europe, Asia, and South America.
