VERY IMPORTANT

NailaoLocker, a new ransomware variant targeting Windows systems, uses AES-256-CBC encryption and uniquely incorporates SM2 cryptography with hard-coded keys. It employs DLL side-loading for execution and uses I/O Completion Ports for multi-threaded file processing. The ransomware includes both encryption and decryption modes, with a built-in SM2 key pair. However, testing revealed the embedded private key fails to decrypt files properly, suggesting it may be a trap or an incomplete build. NailaoLocker's use of Chinese SM2 standards for key protection marks a departure from typical ransomware practices. While the decryption logic functions correctly with valid key material, the variant's true intent remains unclear.