Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

New Eldorado Ransomware Hits US Sectors

July 3, 2024
Reading Time: 2 mins read
in Alerts
New Eldorado Ransomware Hits US Sectors

The newly discovered Eldorado ransomware-as-a-service (RaaS), active since March, targets both VMware ESXi and Windows systems. This ransomware has impacted 16 victims, primarily in the U.S. across various sectors including real estate, education, healthcare, and manufacturing. Eldorado’s operators are actively recruiting affiliates and promoting their service on cybercriminal forums, with a data leak site currently down.

Eldorado, written in Go, encrypts files on both Windows and Linux platforms. It uses the ChaCha20 algorithm for file encryption, applying a unique 32-byte key and 12-byte nonce for each file, and encrypts these using RSA with Optimal Asymmetric Encryption Padding (OAEP). Encrypted files receive a “.00000001” extension, and ransom notes are placed in the Documents and Desktop folders. The ransomware also encrypts network shares via SMB and deletes shadow volume copies on Windows systems to hinder recovery efforts.

Affiliates of Eldorado can customize their attacks by specifying which directories to encrypt or skip and targeting network shares on certain subnets. However, Linux variants only allow customization of encryption directories. The malware is set to self-delete by default to evade detection and analysis, and it avoids encrypting system files and directories critical to booting.

To defend against Eldorado and similar ransomware, Group-IB recommends implementing multi-factor authentication (MFA), using Endpoint Detection and Response (EDR) systems, regularly backing up data, and applying security patches. Additionally, employing AI-based intrusion detection, training employees to recognize threats, and avoiding ransom payments can help mitigate risks and protect against such ransomware attacks.

Reference:
  • New Eldorado Ransomware Targets US Sectors with Devastating Encryption Attacks
Tags: ChaCha20Cyber AlertsCyber Alerts 2024Cyber threatsEldoradoJuly 2024LinuxRaaSRansomwareVmwareWindows
ADVERTISEMENT

Related Posts

PolarEdge Expands Router Botnet

PolarEdge Expands Router Botnet

October 22, 2025
PolarEdge Expands Router Botnet

Google Finds New Russian Malware

October 22, 2025
PolarEdge Expands Router Botnet

Copilot Flaw Exposes Sensitive Data

October 22, 2025
WatchGuard Devices At Risk Of RCE

BitLocker May Lock Your Data Silently

October 21, 2025
WatchGuard Devices At Risk Of RCE

North Korea Hackers Use New JS Malware

October 21, 2025
WatchGuard Devices At Risk Of RCE

WatchGuard Devices At Risk Of RCE

October 21, 2025

Latest Alerts

Copilot Flaw Exposes Sensitive Data

PolarEdge Expands Router Botnet

Google Finds New Russian Malware

BitLocker May Lock Your Data Silently

North Korea Hackers Use New JS Malware

WatchGuard Devices At Risk Of RCE

Subscribe to our newsletter

    Latest Incidents

    Union Cyberattack Raises Concerns

    Romanian Prisoner Hacks Prison IT

    Hackers Claim Data On NSA Officials

    Muji Stops Online Sales After Attack

    Major Telco Confirms Cyber Breach

    Russian Hackers Leak UK MoD Files

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial