ElDorado Ransomware Strikes Panzer Solutions, Data for Sale
Incident Date:
June 6, 2024
Overview
Title
ElDorado Ransomware Strikes Panzer Solutions, Data for Sale
Victim
Panzer Solutions
Attacker
ElDorado
Location
First Reported
June 6, 2024
Overview of Panzer Solutions
Panzer Solutions LLC, based in Norwalk, Connecticut, is a prominent player in the Business Services sector, specializing in IT consulting and staffing services. With a workforce of 674 employees and an annual revenue of $57 million, the company is known for delivering tailored IT solutions, including system integration, digital transformation, and managed IT services. Their robust recruitment process and expertise in cloud computing, data analytics, and ERP systems set them apart in the industry.
Details of the Attack
Recently, the ransomware group ElDorado has claimed responsibility for an attack on Panzer Solutions, exfiltrating 120GB of sensitive data. This data is now up for sale on ElDorado's dark web leak site. The attack has significantly impacted Panzer Solutions, which prides itself on high standards in technology and consulting services.
About ElDorado Ransomware Group
Since its emergence in 2024, ElDorado quickly gained notoriety through a series of high-profile attacks. The group employs a double-extortion tactic, encrypting files and exfiltrating sensitive data to pressure victims into paying ransoms. ElDorado's meticulous targeting and sophisticated techniques, including phishing attacks and exploiting unpatched vulnerabilities, make them a formidable threat. Their ransom notes, typically named HOW_RETURN_YOUR_DATA.TXT, threaten ongoing attacks and data leaks if demands are not met.
Penetration and Vulnerabilities
It is likely that ElDorado penetrated Panzer Solutions' systems through phishing attacks or exploiting unpatched software vulnerabilities. The group's use of legitimate system administration tools for malicious purposes, known as living-off-the-land, makes their activities harder to detect. Panzer Solutions' extensive IT infrastructure and the critical nature of their services made them an attractive target for ElDorado.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.