Security News > 2024 > July > New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems
An emerging ransomware-as-a-service operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems.
Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.
"The Eldorado ransomware uses Golang for cross-platform capabilities, employing Chacha20 for file encryption and Rivest Shamir Adleman-Optimal Asymmetric Encryption Padding for key encryption," researchers Nikolay Kichatov and Sharmine Low said.
Eldorado is the latest in the list of new double-extortion ransomware players that have sprung up in recent times, including Arcus Media, AzzaSec, dan0n, Limpopo, LukaLocker, Shinra, and Space Bears once again highlighting the enduring and persistent nature of the threat.
The development coincides with the discovery of new Linux variants of Mallox ransomware as well as decryptors associated with seven different builds.
"The ongoing development of new ransomware strains and the emergence of sophisticated affiliate programs demonstrate that the threat is far from being contained," Group-IB noted.
News URL
https://thehackernews.com/2024/07/new-ransomware-as-service-eldorado.html
Related news
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor (source)
- ESET researchers analyze first UEFI bootkit for Linux systems (source)
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)