Eldorado Ransomware: A Dual-Platform Threat to Windows and VMware ESXi VMs, here is what to know, A Quick Look.


Eldorado Ransomware: A Dual-Platform Threat to Windows and VMware ESXi VMs, here is what to know, A Quick Look.

In the ever-evolving landscape of cybersecurity threats, a new menace has emerged: the Eldorado ransomware. This ransomware-as-a-service (RaaS) has swiftly gained notoriety, targeting both Windows and VMware ESXi virtual machines (VMs). In this article, we delve into the details of this threat, its operational characteristics, and the impact it poses to organizations worldwide.

Eldorado Ransomware

Eldorado: A Dual-Platform Threat

Eldorado, written in the Go programming language, is a versatile ransomware that poses a double threat. It can encrypt files on both Windows and Linux platforms, making it a formidable adversary for organizations running mixed environments. The ransomware operates through two distinct variants, each tailored to exploit vulnerabilities specific to its target platform.

Windows Variant of Eldorado Ransomware

The Windows variant of Eldorado leverages known vulnerabilities and outdated software to infiltrate systems. It preys on end-of-general-support (EOGS) products, emphasizing the importance of timely updates. Organizations failing to patch their Windows systems become prime targets for this variant. Once inside, Eldorado encrypts critical files, rendering them inaccessible until a ransom is paid.

Linux Variant of Eldorado Ransomware

The Linux-based variant of Eldorado exhibits sophisticated tactics. It can determine whether a victim’s machine runs in a VMware ESXi environment—a hypervisor commonly used for virtualization. By specifically targeting ESXi servers, the ransomware actors aim to disrupt operations more effectively and increase their chances of a successful ransom payout. This strategic focus on ESXi environments sets Eldorado apart from many other ransomware strains.

Operational Similarities

Despite their distinct targets, both Eldorado variants share operational similarities. Here are some key features:

Encryption Mechanism

Eldorado employs robust encryption algorithms to lock victims’ files. Once infected, organizations face the daunting task of recovering their data or paying the ransom. The ransom note, often delivered as a text file, provides instructions for payment and decryption.

User Manual

Interestingly, the Eldorado developer provides an “encryptor” along with a user manual. This manual outlines the ransomware’s capabilities, including the availability of 32-bit and 64-bit variants for VMware ESXi hypervisors and Windows. The user-friendly approach underscores the ransomware’s commercial nature, emphasizing its status as a service offered to cybercriminals.

Victim Profile

The gang behind Eldorado has already claimed 16 victims, primarily in the United States. The affected sectors span real estate, education, healthcare, and manufacturing. These diverse targets highlight the ransomware’s indiscriminate nature, as it seeks vulnerabilities across industries.

Mitigation Strategies

To protect against Eldorado and similar threats, organizations should consider the following measures:

  1. Patch Management: Regularly update software and promptly address known vulnerabilities. EOGS products are particularly vulnerable, so timely patching is critical.
  2. Backup and Recovery: Maintain robust backups of critical data. Regularly test the restoration process to ensure data recovery in case of an attack.
  3. Security Awareness: Educate employees about phishing emails and suspicious attachments. Human vigilance remains a crucial defense against ransomware.
  4. ESXi Hardening: For ESXi environments, disable unnecessary services like OpenSLP. Ensure ESXi servers are up-to-date and follow best practices for securing virtualization infrastructure.


Eldorado’s emergence underscores the need for organizations to stay vigilant. As cybercriminals continue to refine their tactics, proactive defense measures become paramount. By understanding the threat landscape and implementing robust security practices, organizations can mitigate the impact of ransomware attacks and safeguard their digital assets.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.

Share this content:

Post Comment