A new ransomware named Eldorado has emerged, targeting VMware ESXi hosts and Windows VMs across multiple organizations and sectors. The ransomware, operated as ransomware-as-a-service (RaaS), uses various tactics to infiltrate systems and encrypt data.
A Sophisticated Threat
The RaaS administrator uses NTLM or administrator passwords supplied for the victim environment to generate ransomware samples. Eldorado is written in Golang so that it runs across platforms, and its customization options raise the attack's success rate: each sample is tailored with the target company's name, details of the target network, admin credentials, and the contents of the ransom note.
As of June 2024, 16 companies in the US and Europe have reported being attacked. The real estate sector is the primary target, with other industries like professional services, healthcare, education, and manufacturing also affected. Some attacks even targeted business services, messaging and telecommunications, transportation, government, administrative services, and the military.
Recommendations for Mitigation
Group-IB advises organizations to strengthen security measures to mitigate risks posed by ransomware attacks like Eldorado. Recommendations include:
- Employee Training: Educate staff to identify phishing attacks and other common infiltration tactics.
- Regular Data Backups: Ensure data is backed up frequently and securely to minimize damage in case of an attack.
- Robust Security Protocols: Implement strong security measures such as multi-factor authentication and regular system updates.
These measures are essential to safeguard organizations against evolving ransomware threats.
For more information on the Eldorado ransomware threat, refer to Group-IB’s detailed report.