
New Eldorado ransomware targets Windows, VMware ESXi VMs
2024-07-05 15:56

A new ransomware-as-a-service called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows.

Eldorado is a Go-based ransomware that can encrypt both Windows and Linux platforms through two distinct variants with extensive operational similarities.

The researchers obtained an encryptor from the developer. It came with a user manual saying that 32/64-bit variants are available for VMware ESXi hypervisors and Windows.

To maximize its impact, Eldorado also encrypts network shares over the SMB protocol, and it deletes shadow volume copies on compromised Windows machines to prevent recovery.

The ransomware skips DLL, LNK, SYS, and EXE files, as well as files and directories related to system boot and basic functionality, to avoid rendering the system unbootable or unusable.



News URL

https://www.bleepingcomputer.com/news/security/new-eldorado-ransomware-targets-windows-vmware-esxi-vms/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591