ElDorado Ransomware Hits New River Electrical, 2.44TB Data Compromised

Incident Date: August 31, 2024


Overview

Title: ElDorado Ransomware Hits New River Electrical, 2.44TB Data Compromised
Victim: New River Electrical Corporation
Attacker: ElDorado
Location: Canton, Ohio, USA
First Reported: August 31, 2024

ElDorado Ransomware Group Targets New River Electrical Corporation

New River Electrical Corporation (NRE), a prominent electrical contractor based in North America, has fallen victim to a ransomware attack orchestrated by the ElDorado ransomware group. The attack, which was disclosed on ElDorado's dark web leak site, has reportedly compromised 2.44 TB of sensitive organizational data, posing significant risks to NRE's operations and data security.

About New River Electrical Corporation

Founded in 1953, New River Electrical Corporation is a well-established player in the electrical construction industry. The company specializes in substation construction and maintenance, overhead transmission and distribution, and underground electrical systems. NRE is known for its commitment to safety, quality, and community engagement, making it a trusted partner in electrical utility projects across North America. The company employs approximately 329 people and generates an annual revenue of $247.1 million.

Attack Overview

The ElDorado ransomware group claims to have infiltrated NRE's systems, gaining access to a substantial amount of sensitive data. The breach highlights the growing threat of ransomware attacks in the industrial sector, particularly targeting companies involved in critical infrastructure. The attackers have not disclosed the specific vulnerabilities they exploited, but the incident underscores the importance of comprehensive cybersecurity measures.

About ElDorado Ransomware Group

ElDorado is a relatively new ransomware group that emerged in early 2024. It operates as a Ransomware-as-a-Service (RaaS) platform, and its malware is written in Go, which gives it cross-platform reach: the ransomware targets both Windows and Linux systems, including VMware ESXi. It uses a hybrid encryption scheme, ChaCha20 for encrypting file contents and RSA-OAEP for encrypting the file-encryption keys. The group is known for aggressively recruiting affiliates and pentesters on dark web forums; affiliates can customize attack parameters and generate custom ransomware samples through the platform.

Penetration and Impact

While the exact method of penetration remains unclear, ElDorado's ransomware is designed to encrypt files on network shares over the SMB protocol and to remove Volume Shadow Copies on Windows systems to hinder recovery. The malware self-deletes after execution to avoid detection. Given NRE's extensive involvement in critical infrastructure projects, the breach could have far-reaching implications, potentially disrupting essential services and compromising sensitive data.
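Shadow copy removal is one of the few behaviours in the description above that a defender can reliably alert on from process-creation telemetry. The following is an added example written for this page (it is not code from the tracker site or from any ElDorado sample): it scans constructed process-creation log lines for the well-known Windows commands used to delete Volume Shadow Copies. The pipe-delimited field layout (timestamp|host|user|image|command_line), the host names and the user names are assumptions invented for the example, not a real product's log format or data from the NRE incident.

```python
"""Flag process-creation events whose command line deletes Volume Shadow Copies.

Added example for illustration only. The log lines and the
timestamp|host|user|image|command_line layout are constructed; real
sources (Windows Event 4688, Sysmon Event 1, EDR telemetry) need their
own parsers but yield the same fields.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Publicly documented ways to delete or starve shadow copies on Windows.
# Each entry is (rule name, compiled pattern); matching is case-insensitive
# because ransomware frequently mixes casing in these commands.
SHADOW_COPY_DELETION_RULES = [
    ("vssadmin_delete_shadows",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("vssadmin_resize_shadowstorage",
     re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("wmi_win32_shadowcopy_delete",
     re.compile(r"Win32_ShadowCopy.*?\.Delete\(\)", re.I)),
    ("diskshadow_delete_shadows",
     re.compile(r"diskshadow(\.exe)?.*?delete\s+shadows", re.I)),
]


@dataclass
class Alert:
    timestamp: str
    host: str
    user: str
    command_line: str
    rule: str


def parse_line(line: str) -> Optional[dict]:
    """Split one constructed log line into its five fields.

    maxsplit=4 keeps any '|' inside the command line (common in PowerShell
    pipelines) as part of the command_line field instead of breaking parsing.
    """
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        return None  # malformed or truncated line: skip rather than crash
    timestamp, host, user, image, command_line = parts
    return {"timestamp": timestamp, "host": host, "user": user,
            "image": image, "command_line": command_line}


def detect_shadow_copy_deletion(lines: Iterable[str]) -> List[Alert]:
    """Return one Alert per log line whose command line matches a rule.

    The first matching rule wins, so one event produces at most one alert.
    """
    alerts: List[Alert] = []
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        for rule_name, pattern in SHADOW_COPY_DELETION_RULES:
            if pattern.search(record["command_line"]):
                alerts.append(Alert(record["timestamp"], record["host"],
                                    record["user"], record["command_line"],
                                    rule_name))
                break
    return alerts


def affected_hosts(alerts: Iterable[Alert]) -> List[str]:
    """Distinct hosts on which shadow copy deletion was observed, sorted."""
    return sorted({a.host for a in alerts})


# Constructed sample telemetry (not real data). Lines 1, 2 and 5 should
# alert; line 3 is benign and line 4 only lists shadows, which is normal
# backup-administration activity and must not fire.
SAMPLE_LOG = """\
2024-08-31T02:14:07Z|FILESRV01|CORP\\svc_backup|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe Delete Shadows /All /Quiet
2024-08-31T02:14:09Z|FILESRV01|CORP\\svc_backup|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic shadowcopy delete
2024-08-31T02:15:30Z|WS017|CORP\\jdoe|C:\\Windows\\System32\\notepad.exe|notepad.exe C:\\Users\\jdoe\\notes.txt
2024-08-31T02:16:02Z|WS017|CORP\\jdoe|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe list shadows
2024-08-31T02:18:44Z|APPSRV02|CORP\\svc_backup|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell -nop -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}"
"""

if __name__ == "__main__":
    for alert in detect_shadow_copy_deletion(SAMPLE_LOG.splitlines()):
        print(f"{alert.timestamp} {alert.host} {alert.user} [{alert.rule}] "
              f"{alert.command_line}")
    print("hosts:", affected_hosts(detect_shadow_copy_deletion(SAMPLE_LOG.splitlines())))
```

The patterns deliberately do not match `vssadmin list shadows`, so routine backup administration does not raise the alert; in practice the rule should be paired with a short-window correlation (several hosts firing within minutes, as the SMB share encryption in the text would produce) and with an allow-list for the accounts and hosts that legitimately manage shadow storage.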

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.