Newest RAAS Threat ‘Eldorado’ Preys On Windows and Linux Systems


The newest worldwide ransomware-as-a-service (RaaS) threat, “Eldorado”, is packed with locker variants that prey on Windows- and Linux-based systems and encrypt their files.

“Eldorado”. It sounds like an old Western town. In every good Western-themed flick there is a shoot-out between the bad guy and the good guy. But, with this Eldorado, unfortunately you’re the target. 

Ransomware-As-A-Service, also known as RAAS, is a business model for cybercrime where a ransomware group or “gang” sells its code or malware to other hackers, who then use it for their own attacks. 

An advertisement for the affiliate group was posted in the RAMP forum on March 16, 2024. This is where it all began, according to Group-IB, a Singapore-headquartered cybersecurity company. Group-IB infiltrated the ransomware group to learn more about the Eldorado program. It discovered that the malware has a Russian-speaking representative, or “threat actor”. The malware also does not share aspects with the ransomware programs LockBit or Babuk.

Eldorado ransomware also has somewhat more advanced capabilities. It can move laterally by way of removable media such as USB drives: it can detect and infect removable media, thereby spreading the ransomware to other systems. It can also use techniques to obscure itself and avoid detection by security software.

‘Eldorado’ has claimed 16 victims since June 2024 – 13 in the U.S., two in Italy, and one in Croatia. A range of verticals were targeted, such as real estate, healthcare, education, manufacturing, and professional services. Eldorado joins the roster of double-extortion ransomware players, which includes Mallox, LukaLocker, Brain Cipher, AzzaSec, Limpopo and Arcus Media.

What is Double-Extortion Ransomware?

Double-extortion ransomware is, just as it implies, a double-edged sword. Not only do the hackers penetrate your system and commandeer your data, but they also encrypt your stolen data, so the only way to get it back is to pay their ransom. 

Threats Are Real. Stay Secured.

From 2022 to 2023, the number of global ransomware attacks rose by a whopping 84%, totaling over 4,600 cases. Unfortunately, ransomware groups continue to adjust and thrive in their craft, despite the actions of law enforcement officials and increased security efforts. Businesses must do their part to ensure data (internal and customer) is protected to the highest level. These security measures will help limit ransomware groups' access.

Being proactive in your cybersecurity efforts is key. Just because you are a small company doesn’t mean you aren’t “worthy” of a data breach. If you run a business, your data is susceptible to being hacked – no matter how “sensitive” it is. Standard antivirus on your computers won’t cut it anymore – those days are gone. 

Ready to secure your business data and lock the door to hackers?

Fortifi Cyber Security, a sibling company of Atlantic Technology Services, can help you discover the “open doors” in your organization where ransomware could enter. They provide expert security monitoring, management, and mitigation response for your business to help keep you secure from threats such as Eldorado RAAS. Call at 888-500-9111 or click here to get a free vulnerability test.