Switch to the dark mode that's kinder on your eyes at night time.

Switch to the light mode that's kinder on your eyes at day time.

Add New Post

Switch to the dark mode that's kinder on your eyes at night time.

Switch to the light mode that's kinder on your eyes at day time.

Add New Post
in

Stay Alert for New Ransomware Threats, Urges MIC

MIC urges agencies, organizations to be wary of new ransomware

Ransomware poses a significant threat to organizations worldwide, including those in Vietnam. In the first half of 2024, Vietnam experienced ransomware attacks that resulted in losses and disruptions to online services across various sectors such as securities, energy, telecommunications, and logistics.

VNCERT/CC, a branch of the Authority of Information Security (AIS), highlighted Eldorado as a new type of RaaS (ransomware as a service) that emerged in March. This ransomware is associated with versions targeting the VMware ESXi virtual manager and Windows operating system.

Researchers from Group-IB observed Eldorado’s operations and noted that these attacks were advertised on the RAMP forum, seeking individuals with advanced cyber attack skills.

Eldorado, coded in Go programming language, can encrypt both Windows and Linux operating systems through two distinct but similar variants, expanding its range of impact.

Group-IB discovered that Eldorado employs ChaCha20 algorithms for data encryption, appending files with a “.00000001” extension and leaving ransom notes named “HOW_RETURN_YOUR_DATA.TXT” in Documents and Desktop folders.

In addition to file encryption, Eldorado leverage SMB communication protocol to encrypt network shares and deletes shadow copies on compromised Windows systems to hinder recovery efforts. The malware is programmed to self-delete by default to evade detection and analysis.

VNCERT/CC warned that Eldorado’s capabilities extend to encrypting files on VMware ESXi systems, leading to disruptions in server and workstation operations, impeding data access, and causing business interruptions.

Targeting widely-used systems in Vietnam like VMware ESXi and Windows, Eldorado can disable and encrypt virtual machines, disrupting the entire virtual infrastructure.

To safeguard information systems, administrators of agencies, organizations, and businesses utilizing VMware ESXi and Windows are advised to implement specific security measures:

  • Utilize multi-factor authentication and access solutions based on authenticated information
  • Employ EDR (Endpoint Detection and Response) for prompt identification and response to ransomware indicators
  • Regularly back up data to reduce damage and loss
  • Deploy AI-based analytics solutions and advanced malware detection technology for real-time threat detection and response

Report

Check This:  Williamsburg is basically ‘Wellnessburg,’ and we have the healthy travel guide to prove it

What do you think?

1.2k Points
Upvote Downvote

Leave a Reply

Avatar

Your email address will not be published. Required fields are marked *

Back to Top

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

To use social login you have to agree with the storage and handling of your data by this website. %privacy_policy%

Add to Collection

No Collections

Here you'll find all collections you've created before.