Ransomware-as-a-Service 'Eldorado' Targets Windows & Linux Systems 

CEO Jeff Stutzman shares what businesses and individuals need to know about Eldorado and Ransomware-as-a-Service threats.

Ransomware-as-a-Service (RaaS) has become a significant threat in the cyber-security landscape, with 'Eldorado' emerging as the latest example. And while Eldorado is the new shiny thing, it won’t be long before this RaaS platform is replaced by another. So, why not take a moment and talk about how we protect ourselves from this ransomware and others.

 

What is Eldorado Ransomware?

First, let’s begin with a short review of what Eldorado ransomware is: 

 

  • Eldorado targets Windows and Linux systems. This is new. Windows systems have long been a prime target for ransomware attacks due to their widespread use among enterprises and individuals. However, the inclusion of Linux systems in Eldorado's arsenal highlights the increasing recognition of Linux as a critical component in many organizational infrastructures. Linux servers often host crucial applications and data, making them attractive targets for ransomware attacks.

  • Eldorado operates as a subscription model, allowing cybercriminals (or any other criminal or soon-to-be criminal) to lease the ransomware and customize their attacks. (This business model significantly lowers the entry barrier for malicious actors, enabling even those with limited technical expertise to launch sophisticated ransomware campaigns.) (This is not new. Get used to it. There’s more coming.) 

  • Eldorado is written in Go (Golang), making it a cross-platform threat (Windows and Linux). Again, this is only going to continue.

  • Eldorado employs various techniques to maximize effectiveness. It uses advanced encryption algorithms to lock victims' files, rendering them inaccessible without the decryption key.  

  • The ransomware also includes mechanisms to evade detection by security software, such as polymorphic code that changes its signature with each infection.  

  • Additionally, Eldorado can disable system restore points and shadow copies, making it more challenging for victims to recover their data without paying the ransom. 

  • It often spreads through phishing emails, malicious attachments, and exploit kits that take advantage of vulnerabilities in software and operating systems.  

  • Once inside a network, Eldorado can move laterally, compromising multiple systems and increasing the ransom demand. 
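The point above about disabling restore points and shadow copies is one of the few ransomware behaviours that is cheap to detect from process-creation telemetry. The following is an added example, not code from the original post or from Trusted Internet: it runs a handful of rules over constructed Windows process-creation records. The command patterns are the common recovery-inhibition commands (MITRE ATT&CK T1490), an assumption of this example; the page does not state which commands Eldorado itself uses.

```python
import re

# Constructed process-creation records (Sysmon Event ID 1 style); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmd": "vssadmin delete shadows /all /quiet"},
    {"host": "ws-01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": "wmic shadowcopy delete"},
    {"host": "srv-02", "image": r"C:\Windows\System32\bcdedit.exe",
     "cmd": "bcdedit /set {default} recoveryenabled no"},
    {"host": "ws-03", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmd": "vssadmin list shadows"},              # benign admin use: must not fire
    {"host": "ws-04", "image": r"C:\Program Files\Backup\agent.exe",
     "cmd": "agent.exe --snapshot"},               # backup agent: must not fire
]

# Assumed patterns: generic recovery-inhibition commands, not Eldorado-specific details.
# Matching on the full command line (not just the image name) keeps "vssadmin list" quiet.
RULES = [
    ("shadow_copy_delete_vssadmin",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("shadow_copy_delete_wmic",
     re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("boot_recovery_disabled",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
]


def detect(events):
    """Return one alert per event whose command line matches a rule."""
    alerts = []
    for ev in events:
        for rule_name, pattern in RULES:
            if pattern.search(ev["cmd"]):
                alerts.append({"host": ev["host"], "rule": rule_name, "cmd": ev["cmd"]})
                break  # one alert per event is enough for triage
    return alerts


def hosts_needing_triage(events):
    """Distinct hosts that produced at least one alert, sorted for stable output."""
    return sorted({a["host"] for a in detect(events)})


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert['host']}: {alert['rule']} <- {alert['cmd']}")
    print("triage:", hosts_needing_triage(SAMPLE_EVENTS))
```

In production the same rules belong in the EDR or SIEM that already receives process-creation events, with an allow-list for the backup jobs that legitimately touch shadow copies.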

 

Eldorado is interesting, but no more so than any other new cool tool that hits the scene. As I get older, these things seem to affect me emotionally less and less. For those not as grey in the beard and unhardened in the field, just remember: as with any ransomware, not just Eldorado, the financial and operational impact of an attack can be devastating.

 
What to do to protect your business against ransomware attacks: 

 

To defend against Eldorado and similar RaaS threats, Trusted Internet recommends and offers a multi-layered security strategy that will help keep your data safe, regardless of the ransomware attacker. This is not an exhaustive list of steps, but it serves as a good starting point:

 

  • Use air-gapped backups. Never rely solely on an automated backup system that stays connected to your computers. Ransomware looks for these connections and encrypts the backups too. Take a backup, move it offline and disconnected, then start another. Do this every few days to ensure your backed-up data remains fresh. And… don’t forget to test them.

  • Do not expose Remote Desktop (or any other service if possible) directly to the internet without protection. Layer good defenses.  

  • Deploy enterprise-grade Unified Threat Management (UTM) devices.

  • Multi-factor authentication for everything.  

  • Endpoint protection that includes behavioral analysis (traditional AV won’t detect polymorphic code; you must defend with behavioral tools). Trusted Internet uses Minerva’s Armor (now a Rapid7 product). It eats polymorphic code for breakfast.

  • Linux can be hard to monitor. And for the inexperienced, harder to defend. If you’re going to use Linux, have people on hand who know (not think they know) how to defend and repair it if needed.  

  • And with everything, train to the task and be prepared. 

 

This is clearly not exhaustive, but for those with nothing, start with the items on this list. If you need help, there’s plenty out there, including Trusted Internet.

 

Contact Us For Help 

And last, should you suspect a threat, contact Trusted Internet’s Executive Cyber Support Center or your Virtual CISO™ immediately for evaluation. 
