Ransomware Hits Recycler Core Company: ElDorado Group Attack
Incident Date:
August 31, 2024
Overview
Title
Ransomware Hits Recycler Core Company: ElDorado Group Attack
Victim
The Recycler Core Company
Attacker
ElDorado
Location
First Reported
August 31, 2024
Ransomware Attack on The Recycler Core Company by ElDorado Group
The Recycler Core Company, a well-established entity in the automotive remanufacturing industry, has recently been targeted by the ElDorado ransomware group. This attack has raised significant concerns about cybersecurity vulnerabilities within the manufacturing sector.
About The Recycler Core Company
Located in Riverside, California, The Recycler Core Company specializes in the purchase, sale, and trading of rebuildable automotive cores. With over 20 years of experience, the company maintains an extensive inventory of more than 8 million cores, essential for various automotive remanufacturing processes. The company also offers competitive pricing on automotive scrap and catalytic converters, catering effectively to the needs of their clients in the rebuilding industry.
In addition to their core supply business, The Recycler Core Company is committed to sustainability and environmental conservation. They have implemented a comprehensive recycling program and have taken steps towards energy independence by installing solar panels and upgrading their facilities with energy-efficient lighting.
Attack Overview
The ElDorado ransomware group has claimed responsibility for the attack on The Recycler Core Company via their dark web leak site. The cybercriminals allege that they have gained access to sensitive data, potentially compromising critical information. This incident underscores the growing threat of ransomware in the automotive industry and highlights the need for enhanced cybersecurity measures.
About ElDorado Ransomware Group
ElDorado is a relatively new ransomware group that emerged in early 2024. Operating as a Ransomware-as-a-Service (RaaS) platform, ElDorado's malware is written in Golang, allowing for cross-platform capabilities. The ransomware targets both Windows and Linux systems, including VMware ESXi. It uses ChaCha20 for file encryption and RSA-OAEP for key encryption, with encrypted files bearing a .00000001 extension.
The group actively recruits affiliates and pentesters on dark web forums, allowing them to customize attack parameters. ElDorado's tactics include encrypting files on shared networks using the SMB protocol and removing shadow volume copies on Windows to hinder recovery. The malware is designed to self-delete after execution to avoid detection.
Potential Vulnerabilities
The Recycler Core Company's extensive digital infrastructure and reliance on networked systems for inventory management and operations may have made them an attractive target for the ElDorado group. The company's commitment to sustainability and environmental conservation, while commendable, may have also introduced additional vulnerabilities through the integration of new technologies and systems.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.