The El Dorado ransomware group, identified in March 2024, operates as a Ransomware-as-a-Service (RaaS) platform, enabling affiliates to execute attacks using its malware infrastructure. This group has rapidly gained notoriety for its sophisticated attacks targeting both Windows and Linux systems across various industries, including real estate, education, professional services, healthcare, and manufacturing.
El Dorado rebranded itself as the Blacklock ransomware gang in late 2024.
El Dorado’s ransomware employs advanced encryption techniques and is written in the Go programming language for cross-platform compatibility. It uses ChaCha20 for file encryption and RSA-OAEP for key encryption, and it can encrypt files on shared networks using the Server Message Block (SMB) protocol.
In December 2024, El Dorado targeted Acumen Group, an IT services company specializing in Enterprise Resource Planning (ERP) solutions. The attack disrupted operations, encrypting critical data and demanding a ransom for its release.
Organizations are advised to implement robust cybersecurity measures, including regular data backups, system updates, and employee training, to mitigate the risk of falling victim to such ransomware campaigns.