ElDorado Ransomware Group Strikes Baker Triangle: 2.7TB Data Theft

Incident Date:

June 6, 2024

World map



ElDorado Ransomware Group Strikes Baker Triangle: 2.7TB Data Theft


Baker Triangle




Mesquite, USA

Texas, USA

First Reported

June 6, 2024

ElDorado Ransomware Group Targets Baker Triangle in Major Cyber Attack

Overview of Baker Triangle

Founded in 1974 by Bryan Baker, Baker Triangle is a leading drywall and plaster specialty contractor based in Mesquite, Texas. The company has grown to become one of the largest wall and ceiling contractors in the nation, employing approximately 1,323 individuals. Specializing in commercial construction services, Baker Triangle offers expertise in drywall systems, plastering, and prefabrication. Their commitment to high-quality services and innovative construction methods has made them a significant player in the industry.

Details of the Ransomware Attack

The ransomware group ElDorado has claimed responsibility for a cyber attack on Baker Triangle, resulting in the theft of 2.7TB of data. The attack was announced on ElDorado's dark web leak site, where the stolen data has been put up for sale. With Baker Triangle's revenue estimated at $91.6 million, the impact of this data breach could be substantial.

About ElDorado Ransomware Group

Since its emergence in 2024, ElDorado has quickly gained notoriety for its double-extortion tactics. This method involves not only encrypting victims' files but also exfiltrating sensitive data, which is then used to pressure victims into paying the ransom. The group has claimed 15 victims over seven months, demonstrating a sophisticated and well-coordinated operation. ElDorado's attacks are characterized by meticulous targeting and the use of robust encryption algorithms, making it difficult for victims to recover their data without paying the ransom.

Potential Vulnerabilities and Attack Penetration

In the construction sector, companies like Baker Triangle may have been targeted due to potential vulnerabilities in their cybersecurity defenses. ElDorado commonly uses phishing attacks, unpatched software vulnerabilities, and weaknesses in Remote Desktop Protocol (RDP) configurations to infiltrate systems. Once inside, they conduct thorough reconnaissance to identify valuable data, which is then exfiltrated and encrypted. The group's use of legitimate system administration tools for malicious purposes makes their activities harder to detect.

Implications for Baker Triangle

This ransomware attack on Baker Triangle underscores the growing threat posed by sophisticated cybercriminal groups like ElDorado. The theft and potential sale of 2.7TB of data could have significant financial and reputational repercussions for the company. As the construction industry continues to digitize, the importance of robust cybersecurity measures cannot be overstated.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.