Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

New Eldorado Ransomware Hits US Sectors

July 3, 2024
Reading Time: 2 mins read
in Alerts
New Eldorado Ransomware Hits US Sectors

The newly discovered Eldorado ransomware-as-a-service (RaaS), active since March, targets both VMware ESXi and Windows systems. This ransomware has impacted 16 victims, primarily in the U.S. across various sectors including real estate, education, healthcare, and manufacturing. Eldorado’s operators are actively recruiting affiliates and promoting their service on cybercriminal forums, with a data leak site currently down.

Eldorado, written in Go, encrypts files on both Windows and Linux platforms. It uses the ChaCha20 algorithm for file encryption, applying a unique 32-byte key and 12-byte nonce for each file, and encrypts these using RSA with Optimal Asymmetric Encryption Padding (OAEP). Encrypted files receive a “.00000001” extension, and ransom notes are placed in the Documents and Desktop folders. The ransomware also encrypts network shares via SMB and deletes shadow volume copies on Windows systems to hinder recovery efforts.

Affiliates of Eldorado can customize their attacks by specifying which directories to encrypt or skip and targeting network shares on certain subnets. However, Linux variants only allow customization of encryption directories. The malware is set to self-delete by default to evade detection and analysis, and it avoids encrypting system files and directories critical to booting.

To defend against Eldorado and similar ransomware, Group-IB recommends implementing multi-factor authentication (MFA), using Endpoint Detection and Response (EDR) systems, regularly backing up data, and applying security patches. Additionally, employing AI-based intrusion detection, training employees to recognize threats, and avoiding ransom payments can help mitigate risks and protect against such ransomware attacks.

Reference:
  • New Eldorado Ransomware Targets US Sectors with Devastating Encryption Attacks
Tags: ChaCha20Cyber AlertsCyber Alerts 2024Cyber threatsEldoradoJuly 2024LinuxRaaSRansomwareVmwareWindows
ADVERTISEMENT

Related Posts

Smishing targets routers in Belgium 2025

Smishing targets routers in Belgium 2025

October 2, 2025
Smishing targets routers in Belgium 2025

Outlook Bug Causes Repeated Crashes

October 2, 2025
Smishing targets routers in Belgium 2025

MatrixPDF Toolkit Turns PDFs Into Lures

October 2, 2025
Microsoft Sentinel Unveils AI SIEM

Apple Pushes iPhone and Mac Updates

October 1, 2025
Microsoft Sentinel Unveils AI SIEM

Tesla Fixes TCU Bug With USB Risk

October 1, 2025
Microsoft Sentinel Unveils AI SIEM

EvilAI Malware Posing As AI Tools

October 1, 2025

Latest Alerts

Outlook Bug Causes Repeated Crashes

Smishing targets routers in Belgium 2025

MatrixPDF Toolkit Turns PDFs Into Lures

Tesla Fixes TCU Bug With USB Risk

Apple Pushes iPhone and Mac Updates

EvilAI Malware Posing As AI Tools

Subscribe to our newsletter

    Latest Incidents

    Allianz Life July Breach Hits 1.5M

    Dealership Software Breach Hits 766k

    Suffolk Website Down After Cyber-Attack

    WestJet Confirms Data Breach

    Ransomware Gang Recruits Reporter

    US Surveillance Hack Exposes Data

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial