ElDorado Ransomware Group Strikes Gough Homes: Data Breach Threat

Incident Date: June 6, 2024

Overview

Victim: Gough Homes

Attacker: ElDorado

Location: West Jordan, USA; Utah, USA

First Reported: June 6, 2024

ElDorado Ransomware Group Targets Gough Homes in Devastating Attack

Overview of Gough Homes

Gough Homes, a family-owned business based in West Jordan, Utah, has been a prominent player in the construction and development of residential properties for 45 years. Specializing in custom-built homes, the company prides itself on high-quality craftsmanship, sustainable building practices, and exceptional customer service. With a team of skilled architects and designers, Gough Homes manages all aspects of the home-building process, from initial design to final construction.

Details of the Ransomware Attack

The ransomware group ElDorado has claimed responsibility for a recent attack on Gough Homes, resulting in the exfiltration of 2.8GB of sensitive data. The attack was announced on ElDorado's dark web leak site, where they threatened to release the stolen data if their ransom demands were not met. The attack has significantly disrupted Gough Homes' operations, putting their reputation and client trust at risk.

About ElDorado Ransomware Group

ElDorado emerged in 2024 and quickly gained notoriety for their double-extortion tactics. They not only encrypt victims' files but also exfiltrate sensitive data, increasing pressure on victims to pay the ransom. ElDorado's meticulous approach involves thorough reconnaissance to identify valuable data, which is then exfiltrated and encrypted. Their ransom notes, typically named HOW_RETURN_YOUR_DATA.TXT, threaten to leak or sell the stolen data if the ransom is not paid within seven days.

Penetration Tactics

ElDorado employs a variety of tactics to infiltrate systems, including phishing attacks and the exploitation of unpatched vulnerabilities and weak Remote Desktop Protocol (RDP) configurations. Once inside a network, they use legitimate system administration tools for malicious purposes, making their activities harder to detect. The group’s sophisticated methods and robust encryption algorithms make it extremely difficult for victims to recover their data without paying the ransom.

Vulnerabilities and Impact

Gough Homes, like many small and medium-sized businesses, may have been targeted due to potentially less robust cybersecurity defenses. The attack highlights the critical need for regular updates, security patches, and comprehensive cybersecurity measures. The exfiltration of 2.8GB of data poses a significant threat to Gough Homes' operations, client trust, and overall reputation in the industry.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.