Ransomware Attack Targets GC Custom Metal by ElDorado Group
Ransomware Attack on GC Custom Metal Fabrication by ElDorado Group
GC Custom Metal Fabrication Ltd, a prominent family-owned business based in Edmonton, Alberta, has recently fallen victim to a ransomware attack orchestrated by the ElDorado group. Known for its extensive experience in the metal fabrication industry, the company specializes in a wide array of services, including design, cutting, bending, welding, and finishing. With over 40 years of expertise, GC Custom Metal has established itself as a leader in both rapid prototyping and large-scale production runs.
The company operates from a modern facility spanning 32,000 square feet dedicated to manufacturing and an additional 3,000 square feet for office space. This setup allows them to manage projects entirely in-house, ensuring quality control and reduced lead times. Their commitment to quality is further underscored by their ISO 9001:2008 certification, which reflects adherence to international standards for quality management systems.
Attack Overview
The ElDorado ransomware group, which emerged in early 2024, has claimed responsibility for the attack on GC Custom Metal. This group operates as a Ransomware-as-a-Service (RaaS) platform, utilizing advanced techniques to target both Windows and Linux systems. The ransomware is written in Golang, providing cross-platform capabilities, and employs ChaCha20 for file encryption and RSA-OAEP for key encryption. The attack on GC Custom Metal involved the exfiltration of sensitive data, which the group has threatened to leak if their ransom demands are not met.
ElDorado Ransomware Group
ElDorado distinguishes itself by recruiting affiliates and pentesters on dark web forums, allowing them to customize attack parameters. The group is known for its ability to encrypt files on shared networks using the SMB protocol and for removing Volume Shadow Copies on Windows systems to hinder recovery efforts. Their malware is designed to self-delete after execution, making detection and analysis challenging. Despite being a relatively new player, ElDorado has quickly demonstrated its capability to inflict significant damage across various sectors, including manufacturing.
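One way to detect the shadow-copy removal described above in Windows process-creation logs, as an added example that is not from the original article or from Halcyon. The command-line patterns are common shadow-copy deletion methods assumed for illustration (the article does not say which one ElDorado uses), and the events are constructed samples using Sysmon Event ID 1 field names.

```python
import re

# Assumption: generic command-line shapes for Volume Shadow Copy deletion.
# The article does not state which method ElDorado uses.
SHADOW_DELETE_PATTERNS = {
    "vssadmin_delete": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(\.exe)?\s+.*\bshadowcopy\b.*\bdelete\b"),
    "powershell_win32_shadowcopy": re.compile(
        r"win32_shadowcopy\b.*\b(delete|remove-wmiobject|remove-ciminstance)\b"),
}

def normalize(cmdline):
    """Lowercase, drop quotes and cmd.exe caret escapes, collapse whitespace."""
    cleaned = cmdline.lower().translate(str.maketrans("", "", "\"'^"))
    return " ".join(cleaned.split())

def detect_shadow_copy_deletion(events):
    """Return one alert per process-creation event matching any pattern."""
    alerts = []
    for ev in events:
        cmd = normalize(ev.get("CommandLine") or "")
        hits = [name for name, rx in SHADOW_DELETE_PATTERNS.items() if rx.search(cmd)]
        if hits:
            alerts.append({"host": ev.get("Computer"), "time": ev.get("UtcTime"),
                           "parent": ev.get("ParentImage"), "rules": hits})
    return alerts

# Constructed sample events (not real telemetry); hostnames are placeholders.
SAMPLE_EVENTS = [
    {"UtcTime": "2024-01-01 10:00:00", "Computer": "WS-01",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "vssadmin list shadows"},  # routine admin query, benign
    {"UtcTime": "2024-01-01 10:05:00", "Computer": "FS-01",
     "ParentImage": r"C:\Users\Public\sample.exe",
     "CommandLine": r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet'},
    {"UtcTime": "2024-01-01 10:05:02", "Computer": "FS-01",
     "ParentImage": r"C:\Users\Public\sample.exe",
     "CommandLine": "wmic.exe   SHADOWCOPY   delete"},
    {"UtcTime": "2024-01-01 10:05:04", "Computer": "FS-02",
     "ParentImage": r"C:\Users\Public\sample.exe",
     "CommandLine": "powershell -c Get-WmiObject Win32_ShadowCopy | "
                    "ForEach-Object { $_.Delete() }"},
]

if __name__ == "__main__":
    for alert in detect_shadow_copy_deletion(SAMPLE_EVENTS):
        print(alert)
```

Because the malware is described as self-deleting, the `parent` field in each alert may be the only record of the binary's path, so it is worth preserving alongside the alert.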
Potential Vulnerabilities
GC Custom Metal's comprehensive in-house operations, while advantageous for quality control, may also present vulnerabilities. The integration of advanced technologies such as CNC machining and laser cutting could expose the company to cyber threats if not adequately protected. The attack highlights the importance of effective cybersecurity measures, especially for companies in the manufacturing sector that rely heavily on interconnected systems and networks.