Security News, July 2024: New Eldorado ransomware targets Windows, VMware ESXi VMs
![New Eldorado ransomware targets Windows, VMware ESXi VMs](/static/build/img/news/new-eldorado-ransomware-targets-windows-vmware-esxi-vms-medium.jpg)
A new ransomware-as-a-service called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows.
Eldorado is a Go-based ransomware that can encrypt both Windows and Linux platforms through two distinct variants with extensive operational similarities.
The researchers obtained an encryptor from the developer; it came with a user manual stating that 32/64-bit variants are available for VMware ESXi hypervisors and Windows.
Eldorado also encrypts network shares over the SMB protocol to maximize its impact, and deletes shadow volume copies on compromised Windows machines to prevent recovery.
The ransomware skips DLL, LNK, SYS, and EXE files, as well as files and directories related to system boot and basic functionality, to avoid rendering the system unbootable or unusable.
Related news
- Linux version of TargetCompany ransomware focuses on VMware ESXi
- Linux version of RansomHub ransomware targets VMware ESXi VMs
- SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks
- New Linux Variant of Play Ransomware Targeting VMWare ESXi Systems
- New Play ransomware Linux version targets VMware ESXi VMs
- Black Basta ransomware gang linked to Windows zero-day attacks
- Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw
- Ransomware crew may have exploited Windows make-me-admin bug as a zero-day
- CISA warns of Windows bug exploited in ransomware attacks
- VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi