Eldorado Ransomware Hits Windows & Linux Systems: Facts Inside
A brand new ransomware operator has joined the fray
There is a brand new player in the ransomware-as-a-service (RaaS) scene, and it’s called Eldorado.
Cybersecurity researchers at Group-IB have been tracking the group for some time now, and have even obtained a version of the encryptor for analysis.
As per the researchers, Eldorado is not a rebrand of a previous threat actor, and probably has entirely new people running it. Most likely, it started its operation in March this year, as that is roughly the time the researchers saw the group advertise its services on the dark web and first called for skilled affiliates to join the program.
The encryptor was designed for Windows and Linux devices and is also capable of targeting VMware ESXi hypervisors. Since March, it has claimed 16 victims, mainly in real estate, education, healthcare, and manufacturing.
The developers assert that Eldorado does not rely on previously published builder sources and claim to have built the encryptor to offer a degree of customization. On Linux, affiliates can select which directories to encrypt, while on Windows, they can choose directories, skip local files, target network shares on specific subnets, and prevent the malware from self-destructing.
Otherwise, its default setting is to self-delete to prevent security teams from conducting a post-mortem analysis.
The group also mentioned a data leak site, but according to BleepingComputer, it is currently offline.
“Although relatively new and not a rebrand of well-known ransomware groups, Eldorado has quickly demonstrated its capability within a short period of time to inflict significant damage to its victims’ data, reputation, and business continuity,” Group-IB’s researchers wrote in their analysis.
As with most other cyberattacks, a ransomware attack usually relies on a person clicking a malicious link, or running a malicious file locally, so the best protection against ransomware is to educate your employees on the dangers of phishing and social engineering attacks.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.