Ransomware Attack Targets GC Custom Metal by ElDorado Group

Incident Date:

September 27, 2024

Overview

Victim

GC Custom Metal Fabrication

Attacker

ElDorado

Location

Edmonton, Canada

First Reported

September 27, 2024

Ransomware Attack on GC Custom Metal Fabrication by ElDorado Group

GC Custom Metal Fabrication Ltd, a prominent family-owned business based in Edmonton, Alberta, has recently fallen victim to a ransomware attack orchestrated by the ElDorado group. Known for its extensive experience in the metal fabrication industry, the company specializes in a wide array of services, including design, cutting, bending, welding, and finishing. With over 40 years of expertise, GC Custom Metal has established itself as a leader in both rapid prototyping and large-scale production runs.

The company operates from a modern facility spanning 32,000 square feet dedicated to manufacturing and an additional 3,000 square feet for office space. This setup allows them to manage projects entirely in-house, ensuring quality control and reduced lead times. Their commitment to quality is further underscored by their ISO 9001:2008 certification, which reflects adherence to international standards for quality management systems.

Attack Overview

The ElDorado ransomware group, which emerged in early 2024, has claimed responsibility for the attack on GC Custom Metal. This group operates as a Ransomware-as-a-Service (RaaS) platform, utilizing advanced techniques to target both Windows and Linux systems. The ransomware is written in Golang, providing cross-platform capabilities, and employs ChaCha20 for file encryption and RSA-OAEP for key encryption. The attack on GC Custom Metal involved the exfiltration of sensitive data, which the group has threatened to leak if their ransom demands are not met.

ElDorado Ransomware Group

ElDorado distinguishes itself by recruiting affiliates and pentesters on dark web forums, allowing them to customize attack parameters. The group is known for its ability to encrypt files on shared networks using the SMB protocol and for removing shadow volume copies on Windows systems to hinder recovery efforts. Their malware is designed to self-delete after execution, making detection and analysis challenging. Despite being a relatively new player, ElDorado has quickly demonstrated its capability to inflict significant damage across various sectors, including manufacturing.

Potential Vulnerabilities

GC Custom Metal's comprehensive in-house operations, while advantageous for quality control, may also present vulnerabilities. The integration of advanced technologies such as CNC machining and laser cutting could expose the company to cyber threats if not adequately protected. The attack highlights the importance of effective cybersecurity measures, especially for companies in the manufacturing sector that rely heavily on interconnected systems and networks.
