
Stay Alert for New Ransomware Threats, Urges MIC

MIC urges agencies, organizations to be wary of new ransomware

Ransomware poses a significant threat to organizations worldwide, including those in Vietnam. In the first half of 2024, Vietnam experienced ransomware attacks that resulted in losses and disruptions to online services across various sectors such as securities, energy, telecommunications, and logistics.

VNCERT/CC, a branch of the Authority of Information Security (AIS), highlighted Eldorado as a new type of RaaS (ransomware as a service) that emerged in March. This ransomware is associated with versions targeting the VMware ESXi virtual manager and Windows operating system.

Researchers from Group-IB observed Eldorado’s operations and noted that these attacks were advertised on the RAMP forum, seeking individuals with advanced cyber attack skills.

Eldorado, coded in the Go programming language, can encrypt both Windows and Linux systems through two distinct but similar variants, expanding its range of impact.

Group-IB discovered that Eldorado employs the ChaCha20 algorithm for data encryption, appending a “.00000001” extension to encrypted files and leaving ransom notes named “HOW_RETURN_YOUR_DATA.TXT” in the Documents and Desktop folders.

In addition to file encryption, Eldorado leverages the SMB communication protocol to encrypt network shares and deletes shadow copies on compromised Windows systems to hinder recovery efforts. The malware is programmed to self-delete by default to evade detection and analysis.

VNCERT/CC warned that Eldorado’s capabilities extend to encrypting files on VMware ESXi systems, leading to disruptions in server and workstation operations, impeding data access, and causing business interruptions.

Targeting widely-used systems in Vietnam like VMware ESXi and Windows, Eldorado can disable and encrypt virtual machines, disrupting the entire virtual infrastructure.

To safeguard information systems, administrators of agencies, organizations, and businesses utilizing VMware ESXi and Windows are advised to implement specific security measures:

  • Utilize multi-factor authentication and access solutions based on authenticated information
  • Employ EDR (Endpoint Detection and Response) for prompt identification and response to ransomware indicators
  • Regularly back up data to reduce damage and loss
  • Deploy AI-based analytics solutions and advanced malware detection technology for real-time threat detection and response
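
A sweep for the two file-system indicators Group-IB reported above (the “.00000001” extension and the HOW_RETURN_YOUR_DATA.TXT note) can complement EDR coverage. The following is an added example, not code from the article, VNCERT/CC or Group-IB; the function names, severity labels and sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators as reported in the article (Group-IB via VNCERT/CC).
ENCRYPTED_SUFFIX = ".00000001"
RANSOM_NOTE = "how_return_your_data.txt"  # compared case-insensitively


def scan_tree(root):
    """Walk root; return {directory: {"encrypted": n, "note": bool, "severity": str}}."""
    findings = {}
    # onerror ignores unreadable directories so one ACL failure does not abort the sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None, followlinks=False):
        encrypted = sum(1 for f in files if f.endswith(ENCRYPTED_SUFFIX))
        note = any(f.lower() == RANSOM_NOTE for f in files)
        if not encrypted and not note:
            continue
        # Note plus renamed files in one directory is a stronger signal than either alone.
        severity = "high" if (encrypted and note) else "medium"
        findings[dirpath] = {"encrypted": encrypted, "note": note, "severity": severity}
    return findings


def summarize(findings):
    """Count flagged directories per severity label (hypothetical labels) for triage."""
    return Counter(v["severity"] for v in findings.values())


def build_sample_tree(base):
    """Constructed sample data: empty files named after the reported indicators."""
    layout = {
        "Documents": ["report.docx.00000001", "budget.xlsx.00000001", "HOW_RETURN_YOUR_DATA.TXT"],
        "Desktop": ["HOW_RETURN_YOUR_DATA.TXT"],
        "Pictures": ["photo.jpg"],
        "share": ["vm01.vmdk.00000001"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, info in sorted(scan_tree(build_sample_tree(tmp)).items()):
            print(info["severity"], os.path.relpath(path, tmp), info)
```

Because the malware self-deletes by default, these leftover file names are more durable evidence than the binary itself; a hit should trigger host isolation and a check of backup integrity.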
