Global Security

The new Eldorado ransomware-as-a-service targets Windows and Linux systems

By Admin, July 8, 2024, 3 min read
Ransomware-as-a-Service
July 8, 2024Information hallRansomware / encryption

A new ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants that encrypt files on both Windows and Linux systems.

Eldorado first appeared on March 16, 2024, when an advertisement for an affiliate program was posted on the RAMP ransomware forum, according to Group-IB, headquartered in Singapore.

The cybersecurity firm, which infiltrated the ransomware group, noted that its representative is a Russian speaker and that the malware does not overlap with previously leaked strains such as LockBit or Babuk.

“The Eldorado ransomware exploits Golang for cross-platform capabilities, using Chacha20 for file encryption and Rivest Shamir Adleman-Optimal Asymmetric Encryption Padding (RSA-OAEP) for key encryption,” researchers Nikolai Kichatov and Sharmin Lowe said. “It can encrypt files on shared networks using the Server Message Block (SMB) protocol.”

The Eldorado encryptor comes in four builds, namely esxi, esxi_64, win and win_64, and the group's data leak site already listed 16 victims as of June 2024. Thirteen of the targets are located in the US, two in Italy, and one in Croatia.

These companies span various industry verticals such as real estate, education, professional services, healthcare, and manufacturing, among others.

Further analysis of the Windows version artifacts revealed the use of a PowerShell command to overwrite the locker with random bytes before deleting the file in an attempt to clean up the traces.
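The wipe-then-delete behaviour described above is one that PowerShell script-block logging (Event ID 4104) can surface. The following is an added example, not code from the article or from Group-IB, that scores script blocks for the three-stage pattern (random bytes generated, written over a file, that same file then deleted); the sample script blocks are constructed for illustration, and the cmdlet and .NET call names used in the regexes are assumptions about how such a command would typically be written, not the actual Eldorado command.

```python
import re
from dataclasses import dataclass

# Constructed sample PowerShell script-block log entries (not from the article).
# Entry 2 mimics the self-wipe pattern Group-IB describes; the others are benign.
SAMPLE_SCRIPT_BLOCKS = [
    "Get-ChildItem C:\\Logs | Where-Object { $_.Length -gt 1MB }",
    "$b = [byte[]]::new(4096); [System.Random]::new().NextBytes($b); "
    "[IO.File]::WriteAllBytes('C:\\Temp\\rand.bin', $b)",
    "$p='C:\\Users\\Public\\locker.exe'; $n=(Get-Item $p).Length; $b=New-Object byte[] $n; "
    "[Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($b); "
    "[IO.File]::WriteAllBytes($p,$b); Remove-Item $p -Force",
    "Remove-Item C:\\Temp\\*.tmp -Force",
]

# Each stage of the anti-forensic sequence, as case-insensitive regexes (assumed names).
STAGES = {
    "random_bytes": re.compile(r"RandomNumberGenerator|RNGCryptoServiceProvider|NextBytes\(|Get-Random", re.I),
    "overwrite": re.compile(r"WriteAllBytes\(|Set-Content\b|Out-File\b|FileStream", re.I),
    "delete": re.compile(r"Remove-Item\b|\bdel\b|\brm\b|\[IO\.File\]::Delete\(", re.I),
}
# Target of the overwrite and of the delete, so we can check they refer to the same file.
WRITE_TARGET = re.compile(r"WriteAllBytes\(\s*([^,]+?)\s*,", re.I)
DELETE_TARGET = re.compile(r"\b(?:Remove-Item|del|rm)\s+(-\w+\s+)*([^\s;]+)", re.I)

@dataclass
class Verdict:
    matched: tuple   # names of the stages seen in the block
    suspicious: bool # True only for the full overwrite-then-delete-same-file sequence

def _writes_and_deletes_same_path(text: str) -> bool:
    w, d = WRITE_TARGET.search(text), DELETE_TARGET.search(text)
    if not w or not d:
        return False
    norm = lambda s: s.strip().strip("'\"").lower()
    return norm(w.group(1)) == norm(d.group(2))

def analyse_script_block(text: str) -> Verdict:
    """Flag a block only when all three stages appear AND the file overwritten with
    random data is the same one deleted; writing random bytes or deleting a file on
    its own is routine admin activity and must not alert."""
    matched = tuple(name for name, rx in STAGES.items() if rx.search(text))
    suspicious = len(matched) == len(STAGES) and _writes_and_deletes_same_path(text)
    return Verdict(matched, suspicious)

def flagged_indexes(blocks) -> list:
    """Return the positions of blocks that should raise an alert."""
    return [i for i, b in enumerate(blocks) if analyse_script_block(b).suspicious]

if __name__ == "__main__":
    for i in flagged_indexes(SAMPLE_SCRIPT_BLOCKS):
        print(f"ALERT block {i}: {SAMPLE_SCRIPT_BLOCKS[i][:60]}...")
```

In production the same-path check would be paired with a process-tree condition (PowerShell spawned by an unsigned binary that no longer exists on disk) rather than relied on alone.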

Eldorado is the latest in a string of new double-extortion ransomware operations that have appeared recently, including Middle arch, AzzaSec, dan0n, Limpopo (aka SOCOTRA, FORMOSA, SEXI), Cabinet, Shinra and Space Bears, once again underscoring the persistent and pervasive nature of the threat.

LukaLocker, which Halcyon links to an operator it calls Volcano Demon, is notable for not running a data leak site: instead, after encrypting Windows workstations and servers, the operators call victims by phone to demand and negotiate payment.

The development coincides with the release of new Linux variants of the Mallox (aka Fargo, TargetCompany, Mawahelper) ransomware, as well as decryptors covering seven different builds.

Mallox is known to spread by brute-forcing Microsoft SQL servers and sending phishing emails to target Windows systems, with recent intrusions also using a .NET-based loader called PureCrypter.

“Attackers use custom Python scripts to deliver payloads and steal victims’ information,” Uptycs researchers Tejaswini Sandapolo and Shilpesh Trivedi said. “The malware encrypts user data and appends the .locked extension to encrypted files.”

Avast has also made a decryptor available for DoNex and its predecessors (Muse, fake LockBit 3.0 and DarkRace), taking advantage of a flaw in the ransomware's cryptographic scheme. The Czech cybersecurity company said that since March 2024, in cooperation with law enforcement, it has been “tacitly providing the decryptor” to victims.

“Despite law enforcement efforts and enhanced security measures, ransomware groups continue to adapt and thrive,” Group-IB said.

Data shared by Malwarebytes and NCC Group, based on victims listed on leak sites, shows that 470 ransomware attacks were reported in May 2024, up from 356 in April. LockBit, Play, Medusa, Akira, 8Base, Qilin and RansomHub were responsible for most of the attacks.

“The constant development of new strains of ransomware and the emergence of sophisticated affiliate programs demonstrate that the threat is far from being contained,” Group-IB said. “Organizations must remain vigilant and proactive in their cybersecurity efforts to mitigate the risks associated with these ever-evolving threats.”
