Eldorado Ransomware is Targeting Windows, VMware ESXi VMs

 

Eldorado, a new ransomware-as-a-service (RaaS) operation, was released in March and has locker variants for VMware ESXi and Windows. The gang has already claimed 16 victims, the majority of which are in the United States and operate in real estate, education, healthcare, and manufacturing.

Researchers at cybersecurity firm Group-IB monitored Eldorado’s activity and discovered its operators advertising the malicious service on RAMP forums and seeking skilled affiliates to join the programme. Eldorado also maintains a data leak site that lists victims, although it was unavailable at the time of writing.

Eldorado is a Go-based ransomware that can encrypt Windows and Linux platforms using two distinct variants that share numerous operational similarities. The researchers acquired an encryptor from the developer, along with a user manual indicating that 32/64-bit variants are available for VMware ESXi hypervisors and Windows. According to Group-IB, Eldorado is a unique development that does not rely on previously available builder sources.

The malware encrypts each locked file with the ChaCha20 algorithm, generating a unique 32-byte key and 12-by

[…]
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents