A New Ransomware Emerges: Eldorado Targets VMware ESXi and Windows VMs
A new ransomware named Eldorado has emerged, targeting VMware ESXi and Windows VMs across multiple organizations and sectors. The ransomware, operated as a service, uses various tactics to infiltrate systems and encrypt data.
The administrator of the RaaS service utilized NTLM or administrator passwords to generate ransomware samples. Eldorado, built on Golang for cross-platform operations, boasts customization capabilities that enhance its success rate. It tailors attacks using company names, target networks, admin credentials, and ransom note details.
As of June 2024, 16 companies in the US and Europe have reported being attacked. The real estate sector is the primary target, with other industries like professional services, healthcare, education, and manufacturing also affected. Some attacks even targeted business services, messaging and telecommunications, transportation, government, administrative services, and the military.
Group-IB advises organizations to strengthen security measures to mitigate risks posed by ransomware attacks like Eldorado. Recommendations include employee training to identify phishing attacks, regular data backups, and robust security protocols. These measures are essential to safeguard organizations against evolving ransomware threats.
For more information on the Eldorado ransomware threat, refer to Group-IB’s detailed report.
LATEST NEWS STORIES
Share This Article:
Anuj Mudaliar, a tech editor at Spiceworks, covers various topics, including cloud, cybersecurity, AI, and hardware. Outside of work, Anuj enjoys outdoor activities like trekking, camping, and stargazing. He also has a passion for cooking and exploring global cuisines.
