New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems
Jul 08, 2024
Ransomware / Encryption
An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems.
Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.
The cybersecurity firm, which infiltrated the ransomware group, noted that its representative is a Russian speaker and that the malware does not overlap with previously leaked strains such as LockBit or Babuk.
"The Eldorado ransomware uses Golang for cross-platform capabilities, employing Chacha20 for file encryption and Rivest Shamir Adleman-Optimal Asymmetric Encryption Padding (RSA-OAEP) for key encryption," researchers Nikolay Kichatov and Sharmine Low said. "It can encrypt files on shared networks using Server Message Block (SMB) protocol."
The encryptor for Eldorado comes in four formats, namely esxi, esxi_64, win, and win_64, with its data leak ...