Eldorado
Eldorado is a ransomware family identified in 2024 as part of the continuing trend of ransomware operations developing Linux-based lockers to target VMware ESXi environments.
Profile source: Mallory opens in a new tabEldorado
Family profile
Eldorado is a ransomware family identified in 2024 as part of the continuing trend of ransomware operations developing Linux-based lockers to target VMware ESXi environments. The provided content places Eldorado alongside Play and SEXi as newer families in this trend, and specifically states that groups like Eldorado have developed Linux lockers for attacks against VMware ESXi hypervisors. Based on the content, its notable capability is encryption of Linux/ESXi environments, particularly virtualized infrastructure. No specific infection vector, threat actor attribution, victim industry focus, or indicators of compromise are directly provided for Eldorado beyond its association with ESXi-focused ransomware activity.
Ransomware.live
Operational record
Reporting
Research mentioning Eldorado
OT Ransomware Trends: Q2 2025 Analysis & Insights | Dragos
“Groups like Eldorado and Play have previously developed Linux lockers specifically to target VMware ESXi environments.”
Hypervisor Ransomware: CVE-2024-37085, AD Abuse, and the Escalating Threat to VMware ESXi Environments
2024: New families like Play, Eldorado, and SEXi continue the trend.