New Eldorado ransomware targets Windows, VMware ESXi VMs (July 2024)
A new ransomware-as-a-service called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows.
Eldorado is a Go-based ransomware that can encrypt both Windows and Linux platforms through two distinct variants with extensive operational similarities.
The researchers obtained an encryptor from the developer; its user manual states that 32/64-bit variants are available for VMware ESXi hypervisors and Windows.
Eldorado also encrypts network shares over the SMB protocol to maximize its impact, and deletes shadow volume copies on compromised Windows machines to prevent recovery.
The ransomware skips DLL, LNK, SYS, and EXE files, as well as files and directories related to system boot and basic functionality, to avoid rendering the system unbootable or unusable.