New Ransomware-as-a-Service ‘Eldorado’ Targets Windows and Linux Systems


July 8, 2024 at 10:43AM

The newly discovered Eldorado ransomware encrypts files on Windows and Linux systems. The group behind it was first observed in March 2024 and uses advanced encryption techniques to target various industries. It is one of the many emerging ransomware groups, highlighting the need for organizations to stay vigilant against evolving cyber threats.

Key takeaways from the meeting notes are:

– A new ransomware operation called Eldorado has emerged, offering locker variants for encrypting files on Windows and Linux systems.
– Eldorado was first detected in March 2024 and uses Golang for cross-platform capabilities, ChaCha20 for file encryption, and RSA-OAEP for key encryption.
– The ransomware has already listed 16 victims as of June 2024, spanning various industry verticals such as real estate, education, professional services, healthcare, and manufacturing, with most targets located in the U.S.
– Eldorado is part of the new wave of double-extortion ransomware, alongside other players such as Arcus Media, LukaLocker, and Mallox.
– Notably, LukaLocker does not use a data leak site and opts to call victims over the phone to extort and negotiate payment.
– Additionally, new Linux variants of Mallox ransomware and associated decryptors have been discovered, with the attackers using custom Python scripts for payload delivery and victim information exfiltration.
– Law enforcement and cybersecurity organizations continue to combat ransomware threats, with Avast providing a decryptor for DoNex and its predecessors.

The meeting notes also emphasize the increasing threat of ransomware, with 470 recorded ransomware attacks in May 2024, highlighting the need for organizations to remain vigilant and proactive in their cybersecurity efforts.
