Security News > 2024 > July > New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems

New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems
2024-07-08 13:15

An emerging ransomware-as-a-service operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems.

Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.

"The Eldorado ransomware uses Golang for cross-platform capabilities, employing Chacha20 for file encryption and Rivest Shamir Adleman-Optimal Asymmetric Encryption Padding for key encryption," researchers Nikolay Kichatov and Sharmine Low said.

Eldorado is the latest in the list of new double-extortion ransomware players that have sprung up in recent times, including Arcus Media, AzzaSec, dan0n, Limpopo, LukaLocker, Shinra, and Space Bears once again highlighting the enduring and persistent nature of the threat.

The development coincides with the discovery of new Linux variants of Mallox ransomware as well as decryptors associated with seven different builds.

"The ongoing development of new ransomware strains and the emergence of sophisticated affiliate programs demonstrate that the threat is far from being contained," Group-IB noted.


News URL

https://thehackernews.com/2024/07/new-ransomware-as-service-eldorado.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232