New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems
An emerging ransomware-as-a-service operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems.
Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.
"The Eldorado ransomware uses Golang for cross-platform capabilities, employing Chacha20 for file encryption and Rivest Shamir Adleman-Optimal Asymmetric Encryption Padding for key encryption," researchers Nikolay Kichatov and Sharmine Low said.
Eldorado is the latest in the list of new double-extortion ransomware players that have sprung up in recent times, including Arcus Media, AzzaSec, dan0n, Limpopo, LukaLocker, Shinra, and Space Bears, once again highlighting the enduring and persistent nature of the threat.
The development coincides with the discovery of new Linux variants of Mallox ransomware as well as decryptors associated with seven different builds.
"The ongoing development of new ransomware strains and the emergence of sophisticated affiliate programs demonstrate that the threat is far from being contained," Group-IB noted.
News URL
https://thehackernews.com/2024/07/new-ransomware-as-service-eldorado.html