New ransomware appears attacking Windows operating system
This malware has appeared since March and has had 16 victims, mainly in the US, operating in the real estate, education, healthcare and manufacturing sectors.
Eldorado is a new and completely independent ransomware. It uses the Go language for cross-platform attacks. This malware encrypts files using the ChaCha20 algorithm and generates a unique 32-byte key and a 12-byte nonce for each locked file. The keys are then encrypted using RSA-OAEP.
After encryption, the file will be renamed ".00000001" and a ransom note named 'HOW_RETURN_YOUR_DATA.TXT' will be added to the Documents and Desktop folders.
In particular, Eldorado has the ability to customize to attack specific directories. This malicious code is even installed by default in self-delete mode to avoid being detected by users and analyzed by incident response teams.
To prevent ransomware in general and Eldorado in particular, experts recommend that users urgently deploy the following defensive measures:
- Implement a multi-factor authentication (MFA) solution and credential-based access.
- Back up data regularly to minimize damage and avoid data loss.
- Regularly update security patches to fix vulnerabilities.
- Detect and prevent intrusions quickly using AI-based analytics and advanced malware detection solutions.
- Quickly identify and respond to ransomware indicators using Endpoint Detection and Response (EDR).
- Train employees to recognize and report cybersecurity threats.
- Conduct regular and periodic technical audits or security assessments.
- Refuse to pay the ransom because data recovery is difficult and could lead to more attacks.
You should read it
- Disable malicious HiddenTear Ransomware with HT Brute Forcer
- STOP - Ransomware is the most active in the Internet but rarely talked about
- Research: The golden time to prevent malicious code after the system is compromised
- Strange ransomware detection only attacks the rich
- How to prevent malicious blackmail JPG code via Facebook Messenger
- Is Ransomware Annabelle scary with Annabelle movies?
- How to handle the emergency WannaCry malicious code from the National Information Security Department
- Detection of a new ransomware strain targeting the Windows search engine
- Ryuk Ransomware has added 'selective' encryption capabilities.
- Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger
- Shade ransomware, the nightmare of 5 years ago is showing signs of returning
- Discovered new ransomware on Mac computers
Maybe you are interested
Why do so many people switch to iPads after years of using Android tablets?
How to ensure accurate color printing when using Canva
How to Create Animated Sound Using Adobe Express
Using Data Headshot FF, Free Fire headshot mod will get banned?
The 6 Biggest Problems With Using One-Click AI Photo Enhancement Tools
Why Stop Using Free AI Tools? What to Use Instead?