ElDorado Ransomware Strikes Kansas State Vet College: Data Breach & Encryption Threat

Incident Date:

June 6, 2024

World map

Overview

Title

ElDorado Ransomware Strikes Kansas State Vet College: Data Breach & Encryption Threat

Victim

Kansas State University College of Veterinary Medicine

Attacker

ElDorado

Location

Manhattan, USA

Kansas, USA

First Reported

June 6, 2024

ElDorado Ransomware Attack on Kansas State University College of Veterinary Medicine

Overview of the Victim

To begin with, the Kansas State University College of Veterinary Medicine is a prestigious educational institution dedicated to advancing animal health and welfare through education, research, and clinical services. The college offers rigorous academic programs, including Doctor of Veterinary Medicine (DVM) degrees and advanced graduate degrees. It is renowned for its cutting-edge research projects and comprehensive clinical services provided by the Veterinary Health Center. The institution has a rich history, being one of the oldest veterinary colleges in the United States, and has granted DVM degrees to over 7,000 individuals.

Details of the Attack

In a shocking turn of events, the ransomware group ElDorado has claimed responsibility for a cyberattack on the Kansas State University College of Veterinary Medicine. The attack involved the exfiltration and encryption of sensitive data, which is now being offered for sale on ElDorado's dark web leak site. The group left a ransom note named HOW_RETURN_YOUR_DATA.TXT, threatening to leak or sell the stolen data if their demands are not met within seven days. The attack has significantly disrupted the college's operations, affecting its educational, research, and clinical services.

About ElDorado Ransomware Group

ElDorado is a ransomware group that emerged in 2024, known for its double-extortion tactics. The group encrypts victims' files and exfiltrates sensitive data, increasing pressure to pay the ransom by threatening public release. ElDorado has claimed 15 victims over seven months, showcasing their aggressive and sophisticated approach. They employ various tactics, including phishing attacks, exploiting unpatched vulnerabilities, and leveraging weaknesses in Remote Desktop Protocol (RDP) configurations. Their meticulous targeting and use of robust encryption algorithms make them a formidable threat in the ransomware landscape.

Potential Vulnerabilities

It is important to note that the Kansas State University College of Veterinary Medicine, like many educational institutions, may have vulnerabilities that make it an attractive target for ransomware groups. These can include outdated software, insufficient cybersecurity measures, and a lack of regular security updates. The college's extensive use of digital systems for education, research, and clinical services further increases its risk profile, providing multiple entry points for cybercriminals.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.