New Eldorado ransomware targets Windows and VMware ESXi
A new ransomware-as-a-service (RaaS) operation called Eldorado is recruiting affiliates and supplies encryptors for both Windows systems and VMware ESXi hosts.
The operation has been active since March and has so far claimed 16 victims, most of them in the US, in the real estate, education, healthcare and manufacturing sectors.
Eldorado is a newly written family rather than a rebrand of existing ransomware. It is developed in Go, so one code base can be built for both Windows and VMware ESXi targets. Files are encrypted with ChaCha20: a fresh 32-byte key and 12-byte nonce are generated for every file, and each per-file key is then wrapped with RSA-OAEP under the operators' public key, so recovery requires the matching private key that only the operators hold.
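The hybrid scheme described above (ChaCha20 per file, per-file key wrapped with RSA-OAEP) is what makes offline recovery infeasible: every file has its own key, and all of those keys are locked to one RSA private key the victim never sees. The block below is an added illustration written for this article, not Eldorado's code and not taken from any vendor report. It reimplements ChaCha20 (RFC 8439) and RSA-OAEP with SHA-256 (RFC 8017) in pure Python so that it runs offline with no third-party packages; the Miller-Rabin key generation and the function names `lock_file` / `unlock_file` are this example's own, and a real deployment would use a vetted library rather than this code.

```python
import hashlib, os, random, struct

MASK = 0xFFFFFFFF

def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _qr(s, a, b, c, d):
    # RFC 8439 quarter round on state words a, b, c, d
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block: 32-byte key, 32-bit block counter, 12-byte nonce."""
    state = list(struct.unpack("<4I", b"expand 32-byte k"))
    state += struct.unpack("<8I", key) + (counter,) + struct.unpack("<3I", nonce)
    w = state[:]
    for _ in range(10):  # 20 rounds = 10 double rounds (column, then diagonal)
        _qr(w, 0, 4, 8, 12); _qr(w, 1, 5, 9, 13); _qr(w, 2, 6, 10, 14); _qr(w, 3, 7, 11, 15)
        _qr(w, 0, 5, 10, 15); _qr(w, 1, 6, 11, 12); _qr(w, 2, 7, 8, 13); _qr(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[(x + y) & MASK for x, y in zip(w, state)])

def chacha20_xor(key, nonce, data, counter=1):
    # Encryption and decryption are the same operation: XOR with the keystream.
    out = bytearray()
    for off in range(0, len(data), 64):
        out += _xor(data[off:off + 64], chacha20_block(key, counter + off // 64, nonce))
    return bytes(out)

def _is_probable_prime(n, rounds=16):
    # Miller-Rabin: fine for a demo, not for a production key generator.
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keygen(bits=1024):
    """Returns ((n, e), (n, d)): (n, e) ships inside the encryptor, d stays with the operator."""
    rng = random.SystemRandom()
    def prime(b):
        while True:
            c = rng.getrandbits(b) | (1 << (b - 1)) | 1  # force top bit and oddness
            if _is_probable_prime(c):
                return c
    e = 65537
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _mgf1(seed, length):
    blocks = (hashlib.sha256(seed + struct.pack(">I", i)).digest() for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def rsa_oaep_encrypt(pub, msg):
    """RSAES-OAEP with SHA-256 and MGF1-SHA256, empty label (RFC 8017 section 7.1.1)."""
    n, e = pub
    k, h = (n.bit_length() + 7) // 8, 32
    assert len(msg) <= k - 2 * h - 2, "message too long for this modulus"
    db = hashlib.sha256(b"").digest() + b"\x00" * (k - len(msg) - 2 * h - 2) + b"\x01" + msg
    seed = os.urandom(h)
    masked_db = _xor(db, _mgf1(seed, k - h - 1))
    masked_seed = _xor(seed, _mgf1(masked_db, h))
    return pow(int.from_bytes(b"\x00" + masked_seed + masked_db, "big"), e, n).to_bytes(k, "big")

def rsa_oaep_decrypt(priv, ct):
    n, d = priv
    k, h = (n.bit_length() + 7) // 8, 32
    em = pow(int.from_bytes(ct, "big"), d, n).to_bytes(k, "big")
    seed = _xor(em[1:1 + h], _mgf1(em[1 + h:], h))
    db = _xor(em[1 + h:], _mgf1(seed, k - h - 1))
    rest = db[h:].lstrip(b"\x00")  # strip the zero padding, expect 0x01 then the message
    if em[0] != 0 or db[:h] != hashlib.sha256(b"").digest() or rest[:1] != b"\x01":
        raise ValueError("decryption error")
    return rest[1:]

def lock_file(pub, plaintext):
    """Per-file envelope as described for Eldorado: fresh 32-byte key and 12-byte nonce, wrapped with RSA-OAEP."""
    key, nonce = os.urandom(32), os.urandom(12)
    return rsa_oaep_encrypt(pub, key + nonce), chacha20_xor(key, nonce, plaintext)

def unlock_file(priv, wrapped_key, ciphertext):
    """Only the holder of the RSA private key can unwrap the per-file key and nonce."""
    kn = rsa_oaep_decrypt(priv, wrapped_key)
    return chacha20_xor(kn[:32], kn[32:44], ciphertext)
```

Running `lock_file` twice on the same plaintext gives two different wrapped keys and two different ciphertexts, which is the practical point for responders: there is no single key to recover from memory or disk once the process has exited, and the ChaCha20 keystream cannot be reused across files to mount a known-plaintext attack. The ChaCha20 part can be checked against the RFC 8439 section 2.4.2 test vector (key 00..1f, nonce 000000000000004a00000000, counter 1).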
After encryption, the extension .00000001 is appended to each affected file, and a ransom note named HOW_RETURN_YOUR_DATA.TXT is dropped in the Documents and Desktop folders.
Affiliates can also customize the encryptor to target specific directories. By default it is configured to delete itself after running, which makes it harder for users to notice and for incident response teams to obtain a sample for analysis.
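Because the encryptor removes itself, the two artefacts above (the appended .00000001 extension and the HOW_RETURN_YOUR_DATA.TXT note) are often what an incident responder has left to triage with. The script below is an added example written for this article, not a tool from the original report; it sweeps a directory tree for those two indicators, tallies hits per folder and per original file type, and assigns a simple triage verdict. The sample user profile it builds under a temporary directory is constructed here for an offline run and is not real victim data; the function names `sweep`, `verdict` and `build_sample_profile` are this example's own.

```python
import os
import tempfile
from collections import Counter

# Artefacts reported for Eldorado: appended extension and ransom note file name.
ENCRYPTED_SUFFIX = ".00000001"
RANSOM_NOTE = "HOW_RETURN_YOUR_DATA.TXT"

def sweep(root):
    """Walk `root` and collect encrypted files, ransom notes, and per-folder / per-type tallies."""
    hits = {"encrypted": [], "notes": [], "by_dir": Counter(), "by_type": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.endswith(ENCRYPTED_SUFFIX):
                hits["encrypted"].append(path)
                hits["by_dir"][dirpath] += 1
                # original extension survives in the name: budget.xlsx.00000001 -> .xlsx
                original = name[: -len(ENCRYPTED_SUFFIX)]
                hits["by_type"][os.path.splitext(original)[1].lower() or "(none)"] += 1
            elif name.upper() == RANSOM_NOTE:  # NTFS is case-insensitive
                hits["notes"].append(path)
    return hits

def verdict(hits):
    """Triage level: a note is a strong indicator; renamed files alone warrant investigation."""
    if hits["notes"]:
        return "confirmed"
    if hits["encrypted"]:
        return "suspected"
    return "clean"

def build_sample_profile():
    """Constructed sample profile (not real data): notes in Desktop and Documents, Pictures untouched."""
    root = tempfile.mkdtemp(prefix="eldorado-sweep-")
    layout = {
        "Desktop": ["HOW_RETURN_YOUR_DATA.TXT", "notes.txt.00000001"],
        "Documents": ["HOW_RETURN_YOUR_DATA.TXT", "budget.xlsx.00000001", "plan.docx.00000001"],
        "Pictures": ["holiday.jpg"],  # e.g. a directory the affiliate chose not to encrypt
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "w") as f:
                f.write("sample\n")
    return root

if __name__ == "__main__":
    hits = sweep(build_sample_profile())
    print(verdict(hits), "-", len(hits["encrypted"]), "encrypted files,", len(hits["notes"]), "ransom notes")
    for directory, count in hits["by_dir"].most_common():
        print(f"  {count:3d}  {directory}")
    print("  affected types:", dict(hits["by_type"]))
```

Point `sweep` at a mounted image, a user profile, or an ESXi datastore path instead of the sample tree to scope an incident; the per-folder tally shows which directories the affiliate configured for encryption, and the per-type tally tells you which data categories to prioritize when restoring from backup.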
To defend against ransomware in general and Eldorado in particular, experts recommend that organizations put the following measures in place without delay:
- Deploy multi-factor authentication (MFA) and credential-based access controls.
- Back up data regularly, and keep copies offline or immutable so the backups themselves cannot be encrypted, to limit damage and avoid data loss.
- Apply security patches promptly to close known vulnerabilities.
- Detect and block intrusions early with AI-based analytics and advanced malware detection.
- Use Endpoint Detection and Response (EDR) to spot and respond to ransomware indicators quickly.
- Train employees to recognize and report cyber security threats.
- Carry out regular technical audits and security assessments.
- Do not pay the ransom: payment does not guarantee data recovery and encourages further attacks.