New Ransomware-as-a-Service Eldorado Targets Windows and Linux Systems

Emerging Ransomware-as-a-Service: Eldorado Targets Both Windows and Linux

The shadowy world of cybercrime is perpetually evolving, and the latest menace is a Ransomware-as-a-Service (RaaS) operation dubbed Eldorado. This new operation, which carries ransomware locker variants aimed at encrypting files on both Windows and Linux systems, has stirred significant concern within the cybersecurity community.

Debut of Eldorado

Eldorado made its dubious debut on March 16, 2024. The operation was announced on RAMP, a well-known ransomware forum. The Singapore-headquartered cybersecurity firm, Group-IB, played a crucial role by infiltrating the ransomware group and shedding light on its operations.

According to Group-IB, the modus operandi of Eldorado is straightforward yet effective. The group offers a compelling affiliate program that attracts cybercriminals eager to participate in ransomware attacks, ultimately splitting the ill-gotten gains.

Distinctive Features and Operation

One of Eldorado’s distinctive traits is its dual compatibility with both Windows and Linux operating systems. Most ransomware variants traditionally target Windows platforms due to their ubiquitous nature. However, Eldorado’s developers appear to have recognized the expanding landscape of Linux usage and adapted their malware accordingly.

This cross-platform functionality amplifies the threat posed by Eldorado, making it a versatile tool in the cybercriminal arsenal. Potential targets range from individual users to expansive enterprise infrastructures, heightening the stakes for victims and defenders alike.

The RAMP Affiliate Program

The advertisement for Eldorado’s affiliate program on RAMP emphasizes the collective effort to spread their ransomware. This business model, often associated with traditional SaaS, allows affiliates to deploy ransomware attacks in return for a share of the ransom payments.

Group-IB’s infiltration provided critical insights into the workings of Eldorado, including strategies that affiliates use to breach systems and propagate the malware. This intelligence is pivotal for cybersecurity defenses, enabling organizations to anticipate and counteract potential threats.

💡Hint: Regularly updating both Windows and Linux systems is essential to defend against ransomware threats like Eldorado. Implementing robust backup strategies ensures that data can be restored without succumbing to ransom demands.

Mitigation Strategies

Protecting against Eldorado and similar ransomware threats necessitates a multi-faceted approach:

  • Regular Backups: Maintain offline backups of critical data to ensure recovery in case of an attack.
  • Update Systems: Keep both operating systems and software up-to-date with the latest security patches.
  • Network Segmentation: Implement network segmentation to contain the spread of malware within an organization.
  • User Education: Educate employees about phishing attacks and the importance of cyber hygiene.
  • Endpoint Protection: Deploy comprehensive endpoint protection solutions to detect and neutralize ransomware.

Organizations must also proactively monitor threat intelligence feeds and collaboration forums to stay abreast of emerging threats and defensive techniques. Additionally, running regular security audits and penetration testing can identify and remedy vulnerabilities before they are exploited.


Eldorado is a stark reminder of the perils lurking in the cyber world. Its emergence underscores the necessity for robust and dynamic cyber defense strategies that adapt to evolving threats. Enterprises and individuals alike must remain vigilant and proactive to thwart the nefarious endeavors of cybercriminal syndicates.

Have thoughts on this burgeoning threat? Feel free to leave a comment below or share this article on social media!

Discover more from KrofekSecurity

Subscribe to get the latest posts sent to your email.

Leave a Reply

Your email address will not be published. Required fields are marked *