Eldorado, a ransomware-as-a-service, surfaced in March 2024 and has already claimed 16 victims, especially in the U.S. It primarily targets the real estate, education, healthcare, and manufacturing sectors. Written in Go, it comes in locker variants that can encrypt both Linux and Windows platforms.
As observed by researchers at the cybersecurity company Group-IB, the gang's operators are promoting the malicious service on RAMP (Russian Anonymous Market Place) forums, a hub for cybercriminal activities. They are also looking for skilled associates to join their cybercriminal program.
For each locked file, a unique 32-bit key and 12-byte nonce (a randomly generated number used only once) are created for use with the ChaCha20 encryption algorithm. The created keys and nonces are then encrypted using RSA with the Optimal Asymmetric Encryption Padding (OAEP) scheme.
Ransom notes named “HOW_RETURN_YOUR_DATA.TXT” are dropped in the Documents and Desktop folders after encryption, and the “.00000001” extension is appended to the encrypted files.
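The ransom note name and the appended extension described above are enough for a quick triage sweep of a host or a mounted share. The following Python script is an added example, not code from Group-IB or the original article; the function names, the "note plus renamed files" rule, and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators as given in the article. Compared in lower case because
# Windows file systems are case-insensitive.
NOTE_NAME = "how_return_your_data.txt"
LOCKED_EXT = ".00000001"

def scan_tree(root):
    """Walk root (symlinks are not followed) and collect both indicators."""
    notes, locked, total = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            total[dirpath] += 1
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(os.path.join(dirpath, name))
            elif lower.endswith(LOCKED_EXT):
                locked[dirpath] += 1
    # Share of renamed files per directory helps scope the affected area.
    ratio = {d: locked[d] / total[d] for d in locked}
    return {
        "notes": sorted(notes),
        "locked_total": sum(locked.values()),
        "ratio": ratio,
        "worst_dirs": sorted(ratio, key=ratio.get, reverse=True)[:10],
        # Assumption: a note together with renamed files is treated as a hit;
        # either indicator alone is left for manual review.
        "likely_hit": bool(notes) and bool(locked),
    }

def demo():
    """Scan a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = os.path.join(tmp, "Documents")
        pics = os.path.join(tmp, "Pictures")
        os.makedirs(docs)
        os.makedirs(pics)
        for n in ("report.docx.00000001", "budget.xlsx.00000001",
                  "How_Return_Your_Data.txt", "notes.txt"):
            open(os.path.join(docs, n), "w").close()
        open(os.path.join(pics, "photo.jpg"), "w").close()
        result = scan_tree(tmp)
        result["worst_dirs"] = [os.path.basename(d) for d in result["worst_dirs"]]
        return result

if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at a user profile root or a mounted share; the per-directory ratio shows where renamed files are concentrated, which helps decide what to restore from backup first.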
To prevent the recovery of data and to maximize its impact, Eldorado also encrypts network shares using the SMB communication protocol and deletes shadow volume copies on the compromised Windows machines.
The ransomware avoids files and directories related to system boot functionality so that systems are not rendered unusable or unbootable, which would hinder the operators' ability to demand a ransom. According to the researchers at the company, affiliates can even customize their attacks.
“Although Eldorado is a relatively new ransomware, it has demonstrated its capability to deal critical damage to its victims’ data, reputation, and business continuity in a very short period of time,” said Group-IB.
The following steps can help prevent these attacks to a degree:
- Implement multi-factor authentication and credential-based access.
- Back up data regularly to minimize damage and loss.
- Use endpoint detection.
- Provide security awareness training to employees.