New Eldorado ransomware targets Windows, VMware ESXi VMs

July 5, 2024 at 11:57AM

A new ransomware-as-a-service (RaaS) called Eldorado has emerged, targeting both Windows and Linux platforms. The ransomware aims to encrypt files and extort victims. Group-IB researchers have noted the malware’s capabilities and provided defense recommendations, including implementing multi-factor authentication, utilizing endpoint detection, taking regular backups, educating employees, and refraining from paying ransom.

Key takeaways from the article:

1. A new ransomware-as-a-service (RaaS) called Eldorado has emerged, with variants for VMware ESXi and Windows. It has targeted victims primarily in the U.S. across real estate, educational, healthcare, and manufacturing sectors.

2. Eldorado’s operators are promoting the malicious service on RAMP forums and seeking skilled affiliates to join the program.

3. The ransomware comes in two distinct variants, one for Windows and one for Linux, that share most of their operational behaviour. Both use the ChaCha20 algorithm for encryption and generate a unique key and nonce for each encrypted file.

4. Eldorado also encrypts files on network shares over the SMB protocol and deletes volume shadow copies on compromised Windows machines to hinder recovery. It is designed to evade detection and analysis.
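Shadow copy deletion is a noisy step that precedes encryption in many ransomware families, so it is a natural detection point for the EDR telemetry the article recommends. The following is an added example, not code from the article or from Group-IB: a small detector that parses constructed process-creation events (the log format, hostnames, users and PIDs are invented here) and flags command lines that delete or shrink shadow copy storage. The command patterns are an assumption based on well-known Windows utilities, not indicators taken from the report.

```python
import re

# Constructed sample of process-creation events, roughly in the key=value shape a
# SIEM might forward. Every value below is invented for this example.
SAMPLE_EVENTS = [
    '2024-07-05T11:57:01Z host=WS01 user=alice pid=4120 parent=explorer.exe cmdline="notepad.exe C:\\notes.txt"',
    '2024-07-05T11:57:05Z host=WS01 user=alice pid=4188 parent=cmd.exe cmdline="vssadmin.exe delete shadows /all /quiet"',
    '2024-07-05T11:57:06Z host=WS01 user=alice pid=4190 parent=cmd.exe cmdline="wmic shadowcopy delete"',
    '2024-07-05T11:58:00Z host=SRV02 user=backupsvc pid=8812 parent=services.exe cmdline="vssadmin.exe list shadows"',
    '2024-07-05T11:58:30Z host=SRV02 user=backupsvc pid=8820 parent=powershell.exe cmdline="powershell -c Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"',
]

# Parser for the constructed event format above (assumed layout, not a standard).
EVENT_RE = re.compile(
    r'^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+pid=(?P<pid>\d+)\s+'
    r'parent=(?P<parent>\S+)\s+cmdline="(?P<cmdline>.*)"$'
)

# Command-line patterns associated with shadow copy deletion or with shrinking
# the shadow storage so that existing copies are discarded. "vssadmin list
# shadows" is deliberately NOT matched: listing is routine backup behaviour.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"Get-WmiObject\s+Win32_ShadowCopy.*\.Delete\(\)", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
]


def parse_event(line):
    """Return the event fields as a dict, or None if the line is malformed."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None


def is_shadow_copy_deletion(cmdline):
    """True if the command line matches a known shadow-copy-destruction pattern."""
    return any(p.search(cmdline) for p in SHADOW_DELETE_PATTERNS)


def detect(lines):
    """Scan event lines and return one alert dict per suspicious command."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # unparseable line: skip rather than crash the pipeline
        if is_shadow_copy_deletion(ev["cmdline"]):
            alerts.append({
                "ts": ev["ts"],
                "host": ev["host"],
                "user": ev["user"],
                "parent": ev["parent"],
                "cmdline": ev["cmdline"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert['ts']}] {alert['host']} {alert['user']} via {alert['parent']}: {alert['cmdline']}")
```

On the sample above the detector raises three alerts (the `vssadmin delete`, `wmic shadowcopy delete` and the PowerShell WMI deletion) and stays quiet on the `vssadmin list shadows` call. The parent process and user in each alert are what an analyst triages first: a backup agent resizing shadow storage on a schedule is expected, the same command spawned from `cmd.exe` under an interactive user is not. Because the ransomware removes shadow copies before encrypting, they cannot be relied on as the backup the article recommends; backups need to live offline or on immutable storage, and restores should be tested.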

5. To defend against the Eldorado ransomware and other attacks, Group-IB recommends implementing multi-factor authentication, using EDR, taking regular data backups, employing AI-based analytics for intrusion detection, patching security vulnerabilities, educating employees on cybersecurity threats, conducting security assessments, and refraining from paying ransoms.

