Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Eldorado ransomware campaign found targeting Windows and Linux systems alike

A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted.".

There is a brand new player in the ransomware-as-a-service (RaaS) scene, and it’s called Eldorado.

Cybersecurity researchers Group-IB have been tracking the group for some time now, and have even obtained a version of the encryptor for analysis.

As per the researchers, Eldorado is not a rebrand of a previous threat actor, and probably has entirely new people running it. Most likely, it started its operation in March this year, as that is roughly the time the researchers saw the group advertise its services on the dark web and first called for skilled affiliates to join the program.

Customization options

The encryptor was built for Windows and Linux devices, and is also capable of targeting VMware ESXi hypervisors. Since March, it was able to claim 16 victims, mostly in real estate, education, healthcare, and manufacturing. 

The developers say Eldorado does not rely on previously published builder sources, and claim to have built the encryptor to offer some level of customization. On Linux, affiliates can choose which directories to encrypt, while on Windows, they can choose directories, skip local files, target network shares on specific subnets, and prevent the malware from self-destructing. 

Otherwise, its default setting is to self-delete and prevent security teams from running a post-mortem. 

The group also said it had a data leak site, but according to BleepingComputer, it is currently offline.

“Although relatively new and not a rebrand of well-known ransomware groups, Eldorado has quickly demonstrated its capability within a short period of time to inflict significant damage to its victims’ data, reputation, and business continuity,” Group-IB’s researchers wrote in their analysis. 

As with most other cyberattacks, a ransomware attack usually relies on a person clicking a malicious link, or running a malicious file locally, so the best protection against ransomware is to educate your employees on the dangers of phishing and social engineering attacks. 

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.