Skip to content
Ransomware group

Eldorado

Eldorado is a ransomware family identified in 2024 as part of the continuing trend of ransomware operations developing Linux-based lockers to target VMware ESXi environments.

Profile source: Mallory opens in a new tab

Eldorado

Family profile

Eldorado is a ransomware family identified in 2024 as part of the continuing trend of ransomware operations developing Linux-based lockers to target VMware ESXi environments. The provided content places Eldorado alongside Play and SEXi as newer families in this trend, and specifically states that groups like Eldorado have developed Linux lockers for attacks against VMware ESXi hypervisors. Based on the content, its notable capability is encryption of Linux/ESXi environments, particularly virtualized infrastructure. No specific infection vector, threat actor attribution, victim industry focus, or indicators of compromise are directly provided for Eldorado beyond its association with ESXi-focused ransomware activity.

Ransomware.live

Operational record

View group record ↗

Reporting

Research mentioning Eldorado

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.