New Eldorado ransomware targets Windows, VMware ESXi VMs (Security News, July 2024)

A new ransomware-as-a-service called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows.
Eldorado is a Go-based ransomware that can encrypt files on both Windows and Linux platforms through two distinct variants with extensive operational similarities.
The researchers obtained an encryptor from the developer. It came with a user manual stating that 32-bit and 64-bit variants are available for VMware ESXi hypervisors and Windows.
Eldorado also encrypts network shares utilizing the SMB communication protocol to maximize its impact and deletes shadow volume copies on the compromised Windows machines to prevent recovery.
The ransomware skips DLL, LNK, SYS, and EXE files, as well as files and directories related to system boot and basic functionality, to avoid rendering the system unbootable or unusable.