New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems

An emerging ransomware-as-a-service operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems.
Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.
"The Eldorado ransomware uses Golang for cross-platform capabilities, employing Chacha20 for file encryption and Rivest Shamir Adleman-Optimal Asymmetric Encryption Padding for key encryption," researchers Nikolay Kichatov and Sharmine Low said.
Eldorado is the latest in the list of new double-extortion ransomware players that have sprung up in recent times, including Arcus Media, AzzaSec, dan0n, Limpopo, LukaLocker, Shinra, and Space Bears, once again highlighting the enduring and persistent nature of the threat.
The development coincides with the discovery of new Linux variants of Mallox ransomware as well as decryptors associated with seven different builds.
"The ongoing development of new ransomware strains and the emergence of sophisticated affiliate programs demonstrate that the threat is far from being contained," Group-IB noted.
News URL
https://thehackernews.com/2024/07/new-ransomware-as-service-eldorado.html