Sharp Rise in Eldorado Ransomware Attacks
Group-IB researchers have observed a significant increase in Eldorado ransomware attacks, a Go-based ransomware that targets various industries with its cross-platform encryption operations. Affiliates of Eldorado ransomware are actively seeking skilled partners on RAMP ransomware forums, posing a threat to users, especially those on Linux servers.
RAMP, a popular forum for ransomware gangs, has been instrumental in promoting 60% of new RaaS programs between 2022 and 2023. Group-IB identified 27 RaaS program ads on dark web forums during this period, indicating a growing demand for skilled affiliates in the ransomware landscape.
Eldorado ransomware, written in Golang, utilizes advanced encryption algorithms to encrypt files on Windows and Linux platforms. The ransomware affiliates leverage SMB protocol to encrypt large files on victim networks, making file recovery without the decryption key a challenging task.
Until June 2024, Eldorado ransomware attacks have targeted 16 companies across different countries and industries, with the US being the most affected. The Real Estate industry was the most targeted, followed by Education, Professional Services, Health Care, Manufacturing, and others.
Protecting Against Eldorado Ransomware
To safeguard against Eldorado ransomware attacks, businesses are advised to implement multi-factor authentication, credential-based access solutions, and regular data backups to mitigate the risk of paying ransom demands. Jason Soroko, Senior Vice President of Product at Sectigo, highlighted the evasiveness of Eldorado ransomware and its advanced capabilities for lateral movement through USB drive checks.
As businesses navigate the evolving threat landscape of ransomware attacks, proactive measures and cybersecurity best practices are essential to defend against malicious actors seeking to exploit vulnerabilities in systems and networks.