ElDorado Ransomware Group Strikes Baker Triangle: 2.7TB Data Theft
Incident Date:
June 6, 2024
Overview
Title
ElDorado Ransomware Group Strikes Baker Triangle: 2.7TB Data Theft
Victim
Baker Triangle
Attacker
ElDorado
Location
First Reported
June 6, 2024
ElDorado Ransomware Group Targets Baker Triangle in Major Cyber Attack
Overview of Baker Triangle
Founded in 1974 by Bryan Baker, Baker Triangle is a leading drywall and plaster specialty contractor based in Mesquite, Texas. The company has grown to become one of the largest wall and ceiling contractors in the nation, employing approximately 1,323 individuals. Specializing in commercial construction services, Baker Triangle offers expertise in drywall systems, plastering, and prefabrication. Their commitment to high-quality services and innovative construction methods has made them a significant player in the industry.
Details of the Ransomware Attack
The ransomware group ElDorado has claimed responsibility for a cyber attack on Baker Triangle, resulting in the theft of 2.7TB of data. The attack was announced on ElDorado's dark web leak site, where the stolen data has been put up for sale. With Baker Triangle's revenue estimated at $91.6 million, the impact of this data breach could be substantial.
About ElDorado Ransomware Group
Since its emergence in 2024, ElDorado has quickly gained notoriety for its double-extortion tactics. This method involves not only encrypting victims' files but also exfiltrating sensitive data, which is then used to pressure victims into paying the ransom. The group has claimed 15 victims over seven months, demonstrating a sophisticated and well-coordinated operation. ElDorado's attacks are characterized by meticulous targeting and the use of robust encryption algorithms, making it difficult for victims to recover their data without paying the ransom.
Potential Vulnerabilities and Attack Penetration
In the construction sector, companies like Baker Triangle may have been targeted due to potential vulnerabilities in their cybersecurity defenses. ElDorado commonly uses phishing attacks, unpatched software vulnerabilities, and weaknesses in Remote Desktop Protocol (RDP) configurations to infiltrate systems. Once inside, they conduct thorough reconnaissance to identify valuable data, which is then exfiltrated and encrypted. The group's use of legitimate system administration tools for malicious purposes makes their activities harder to detect.
Implications for Baker Triangle
This ransomware attack on Baker Triangle underscores the growing threat posed by sophisticated cybercriminal groups like ElDorado. The theft and potential sale of 2.7TB of data could have significant financial and reputational repercussions for the company. As the construction industry continues to digitize, the importance of robust cybersecurity measures cannot be overstated.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.