ElDorado Ransomware Group Strikes TBM Consulting Group
Overview of the Attack
The ransomware group ElDorado has claimed responsibility for a cyberattack on TBM Consulting Group, a management consulting firm specializing in operational excellence and business transformation. According to the group's listing on its dark web leak site, 485GB of data was exfiltrated from the firm and has been put up for sale.
About TBM Consulting Group
TBM Consulting Group, headquartered in Morrisville, North Carolina, is a global operations consulting firm with a focus on Lean and Six Sigma methodologies. The company employs between 201 and 500 individuals and generates an annual revenue of approximately $40 million. TBM Consulting Group is renowned for its expertise in operational excellence, supply chain management, and private equity operational due diligence. The firm works with various industries, including manufacturing, healthcare, and services, to enhance efficiency, reduce waste, and increase profitability.
Vulnerabilities and Impact
A consulting firm of this kind holds not only its own records but also client material gathered during engagements, and that concentration of third-party data is what makes it an attractive target for extortion groups. If the group's claims hold, the exfiltrated data may include sensitive client and partner information, so the consequences extend beyond TBM Consulting Group's own operational disruption and reputational damage to the organizations it advises.
Profile of ElDorado Ransomware Group
ElDorado emerged in 2024 and quickly gained notoriety for its double-extortion tactics: the group encrypts victims' files and also exfiltrates sensitive data, threatening to publish it if the ransom is not paid. Once inside a network, the group performs reconnaissance to locate high-value data before exfiltrating and encrypting it; encrypted files are renamed with the extension .00000001. Reported initial access vectors include phishing, exploitation of unpatched vulnerabilities, and weak Remote Desktop Protocol (RDP) configurations.
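The one concrete host-level indicator in the profile above is the file extension that ElDorado appends to encrypted files. The script below is an added example, not Halcyon's code or anything attributed to the group: it consumes file-rename events (a constructed sample list stands in for real endpoint telemetry) and raises an alert when a single host and user rename many files to the marked extension within a short window, which is what mass encryption looks like on an endpoint. The threshold and window are assumed tuning values, not figures from the page.

```python
"""Flag a ransomware encryption burst from file-rename events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

MARKED_EXT = ".00000001"        # extension reported for ElDorado-encrypted files
BURST_THRESHOLD = 5             # assumed tuning value: marked renames per window that trigger an alert
WINDOW = timedelta(seconds=60)  # assumed tuning value: sliding window length

# Constructed sample events, not real telemetry: (timestamp, host, user, old_path, new_path).
# FS01 shows a burst of six marked renames in ~30 s; WS07 shows a benign rename
# and a single marked rename that stays below the threshold.
SAMPLE_EVENTS = [
    ("2024-06-01T10:00:00", "FS01", "svc_backup", r"D:\share\q1.xlsx", r"D:\share\q1.xlsx.00000001"),
    ("2024-06-01T10:00:04", "FS01", "svc_backup", r"D:\share\q2.xlsx", r"D:\share\q2.xlsx.00000001"),
    ("2024-06-01T10:00:09", "FS01", "svc_backup", r"D:\share\plan.docx", r"D:\share\plan.docx.00000001"),
    ("2024-06-01T10:00:15", "FS01", "svc_backup", r"D:\share\deal.pptx", r"D:\share\deal.pptx.00000001"),
    ("2024-06-01T10:00:20", "FS01", "svc_backup", r"D:\share\notes.txt", r"D:\share\notes.txt.00000001"),
    ("2024-06-01T10:00:31", "FS01", "svc_backup", r"D:\share\budget.xlsx", r"D:\share\budget.xlsx.00000001"),
    ("2024-06-01T10:05:00", "WS07", "jdoe", r"C:\Users\jdoe\draft.docx", r"C:\Users\jdoe\draft.pdf"),
    ("2024-06-01T10:06:00", "WS07", "jdoe", r"C:\Users\jdoe\x.bin", r"C:\Users\jdoe\x.bin.00000001"),
]


def marked_renames(events):
    """Yield (timestamp, host, user, new_path) for renames whose new name ends with MARKED_EXT."""
    for ts, host, user, _old_path, new_path in events:
        if new_path.lower().endswith(MARKED_EXT):
            yield datetime.fromisoformat(ts), host, user, new_path


def detect_bursts(events, threshold=BURST_THRESHOLD, window=WINDOW):
    """Return one alert per (host, user) whose densest window of marked renames
    reaches the threshold. Each alert carries the peak count, the time the burst
    started and a few example paths for the analyst."""
    by_actor = defaultdict(list)
    for ts, host, user, new_path in marked_renames(events):
        by_actor[(host, user)].append((ts, new_path))

    alerts = []
    for (host, user), items in by_actor.items():
        items.sort(key=lambda item: item[0])
        best_count, best_start, start = 0, 0, 0
        # Sliding window over sorted timestamps: advance `start` until the
        # window [start, end] spans no more than `window`.
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            if end - start + 1 > best_count:
                best_count, best_start = end - start + 1, start
        if best_count >= threshold:
            alerts.append({
                "host": host,
                "user": user,
                "count": best_count,
                "first_seen": items[best_start][0].isoformat(),
                "sample_paths": [path for _, path in items[best_start:best_start + 3]],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_EVENTS):
        print(f"ALERT {alert['host']} {alert['user']}: {alert['count']} files renamed to "
              f"{MARKED_EXT} starting {alert['first_seen']}; e.g. {alert['sample_paths']}")
```

The per-actor sliding window matters more than the extension match itself: a single renamed file is noise, while dozens in a minute from one account on a file server is the encryption phase in progress, and catching it there is the last chance to isolate the host before the share is fully encrypted. In production the same logic would read Sysmon or EDR file events rather than an inline list, and the threshold would be tuned against the normal rename rate of each server class.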
Penetration Tactics
The initial access vector in this incident has not been confirmed; given the group's known tradecraft, ElDorado most likely gained entry to TBM Consulting Group's systems through phishing or exploitation of unpatched software. Once inside, the group favors legitimate system administration tools that blend in with normal operations, which makes detection by signature alone difficult. The stolen data then serves as leverage in the extortion: the threat of publication adds pressure on the victim to pay even if backups allow the encrypted files to be restored.