ElDorado Ransomware Group Strikes Gough Homes: Data Breach Threat
Incident Date: June 6, 2024
Overview
Victim: Gough Homes
Attacker: ElDorado
Location:
First Reported: June 6, 2024
ElDorado Ransomware Group Targets Gough Homes in Devastating Attack
Overview of Gough Homes
Gough Homes, a family-owned business based in West Jordan, Utah, has been a prominent player in the construction and development of residential properties for 45 years. Specializing in custom-built homes, the company prides itself on high-quality craftsmanship, sustainable building practices, and exceptional customer service. With a team of skilled architects and designers, Gough Homes manages all aspects of the home-building process, from initial design to final construction.
Details of the Ransomware Attack
The ransomware group ElDorado has claimed responsibility for a recent attack on Gough Homes, resulting in the exfiltration of 2.8GB of sensitive data. The attack was announced on ElDorado's dark web leak site, where they threatened to release the stolen data if their ransom demands were not met. The attack has significantly disrupted Gough Homes' operations, putting their reputation and client trust at risk.
About ElDorado Ransomware Group
ElDorado emerged in 2024 and quickly gained notoriety for their double-extortion tactics. They not only encrypt victims' files but also exfiltrate sensitive data, increasing pressure on victims to pay the ransom. ElDorado's meticulous approach involves thorough reconnaissance to identify valuable data, which is then exfiltrated and encrypted. Their ransom notes, typically named HOW_RETURN_YOUR_DATA.TXT, threaten to leak or sell the stolen data if the ransom is not paid within seven days.
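A defender-side check built on the ransom note name reported above, as an added example that is not part of the original report: it flags hosts where HOW_RETURN_YOUR_DATA.TXT is created in several directories within a short window. The pipe-delimited event format, host names, paths and thresholds are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

NOTE_NAME = "how_return_your_data.txt"  # ransom note name given in the text above

# Constructed sample events (not real telemetry): timestamp|host|created file path
SAMPLE_EVENTS = r"""
2024-06-06T02:14:01|FS01|D:\Shares\Plans\HOW_RETURN_YOUR_DATA.TXT
2024-06-06T02:14:03|FS01|D:\Shares\Plans\lot-12.dwg.tmp
2024-06-06T02:14:09|FS01|D:\Shares\Contracts\how_return_your_data.txt
2024-06-06T02:14:20|FS01|D:\Shares\HR\HOW_RETURN_YOUR_DATA.TXT
2024-06-06T02:15:02|FS01|D:\Shares\Finance\HOW_RETURN_YOUR_DATA.TXT
2024-06-06T09:30:00|WS07|C:\Users\analyst\Desktop\HOW_RETURN_YOUR_DATA.TXT
2024-06-06T11:45:00|WS07|C:\Users\analyst\Documents\HOW_RETURN_YOUR_DATA.TXT
not-a-valid-line
"""

def parse_note_events(text):
    """Yield (timestamp, host, directory) for each created file named NOTE_NAME."""
    for line in text.splitlines():
        parts = line.strip().split("|", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        ts, host, path = parts
        directory, name = ntpath.split(path)  # handles both \ and / separators
        if name.lower() != NOTE_NAME:
            continue
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # unparseable timestamp
        yield when, host, directory.lower()

def find_note_bursts(text, min_dirs=3, window=timedelta(minutes=5)):
    """Return {host: (burst_start, distinct_dirs)} for hosts where the note was
    created in at least min_dirs directories within one time window."""
    by_host = defaultdict(list)
    for ts, host, directory in parse_note_events(text):
        by_host[host].append((ts, directory))
    alerts = {}
    for host, hits in by_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            dirs = {d for t, d in hits[i:] if t - start <= window}
            if len(dirs) >= min_dirs:
                alerts[host] = (start, len(dirs))
                break
    return alerts
```

On the constructed sample, only FS01 is flagged: WS07 has two notes hours apart, which stays below the default threshold of three directories in five minutes.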
Penetration Tactics
ElDorado employs a variety of tactics to infiltrate systems, including phishing, exploitation of unpatched vulnerabilities, and abuse of weaknesses in Remote Desktop Protocol (RDP) configurations. Once inside a network, they use legitimate system administration tools for malicious purposes, making their activities harder to detect. The group’s sophisticated methods and robust encryption algorithms make it extremely difficult for victims to recover their data without paying the ransom.
Vulnerabilities and Impact
Gough Homes, like many small and medium-sized businesses, may have been targeted due to potentially less robust cybersecurity defenses. The attack highlights the critical need for regular updates, security patches, and comprehensive cybersecurity measures. The exfiltration of 2.8GB of data poses a significant threat to Gough Homes' operations, client trust, and overall reputation in the industry.