2024-07-11: Microsoft-Friendly Media Twists VMware ESXi Issues or Malware Getting Installed as "Linux" (VMware Violates the Linux Licence)
Bleeping Computer ☛ New Eldorado ransomware targets Windows, VMware ESXi VMs
The researchers obtained from the developer an encryptor, which came with a user manual saying that there are 32/64-bit variants available for VMware ESXi hypervisors and Windows.
The Register UK ☛ Eldorado ransomware-as-a-service gang targets Linux, Windows systems
Eldorado crew advertises a locker and a loader, but what's unusual about this malware is that it does not use any previously published builder sources – such as the LockBit 3.0 ransomware that was leaked in September 2022, or the Babuk source code that was made public a year earlier.
Additionally, the Windows version uses a PowerShell command to overwrite the encryptor with random bytes before it deletes the file, which also helps remove any traces of the malware.
InfoSecurity Magazine ☛ Eldorado Ransomware Strikes Windows and Linux Networks
According to an advisory published by Group-IB last week, the ransomware employs advanced encryption methods such as ChaCha20 for file encryption and Rivest-Shamir-Adleman with Optimal Asymmetric Encryption Padding (RSA-OAEP) for key encryption. This allows it to effectively encrypt files across shared networks utilizing the Server Message Block (SMB) protocol.
Eldorado Ransomware Targeting Windows and Linux with New Malware
Group-IB researchers report a sharp rise in Eldorado, a Golang-based ransomware with cross-platform encryption operations, targeting various industries. Learn how Eldorado ransomware affiliates operate and how to protect your business from attacks.
TechRadar ☛ Eldorado ransomware campaign found targeting Windows and Linux systems alike
As per the researchers, Eldorado is not a rebrand of a previous threat actor, and probably has entirely new people running it. Most likely, it started its operation in March this year, as that is roughly the time the researchers saw the group advertise its services on the dark web and first called for skilled affiliates to join the program.
Duo ☛ New Eldorado Ransomware Hits Windows, Linux Systems (Jul 8, 2024, by Lindsey O’Donnell-Welch)
Eldorado’s ransomware builder is unique, and unlike other ransomware groups the threat actor does not rely on previously leaked, publicly available ransomware tools like the LockBit 3.0 ransomware or the Babuk ransomware source code. The ransomware uses the Go language, and has versions crafted for both Windows and Linux systems (with an encryptor available in four formats: esxi, esxi_64, win, and win_64).
Hacker News ☛ New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems
Mallox is known to be propagated by brute-forcing Microsoft SQL servers and phishing emails to target Windows systems, with recent intrusions also making use of a .NET-based loader named PureCrypter.