Ransomware Hits Recycler Core Company: ElDorado Group Attack
The Recycler Core Company, a well-established entity in the automotive remanufacturing industry, has recently been targeted by the ElDorado ransomware group. This attack has raised significant concerns about cybersecurity vulnerabilities within the manufacturing sector.
About The Recycler Core Company
Located in Riverside, California, The Recycler Core Company specializes in the purchase, sale, and trading of rebuildable automotive cores. With over 20 years of experience, the company maintains an extensive inventory of more than 8 million cores, essential for various automotive remanufacturing processes. The company also offers competitive pricing on automotive scrap and catalytic converters, catering effectively to the needs of their clients in the rebuilding industry.
In addition to their core supply business, The Recycler Core Company is committed to sustainability and environmental conservation. They have implemented a comprehensive recycling program and have taken steps towards energy independence by installing solar panels and upgrading their facilities with energy-efficient lighting.
Attack Overview
The ElDorado ransomware group has claimed responsibility for the attack on The Recycler Core Company via their dark web leak site. The cybercriminals allege that they have gained access to sensitive data, potentially compromising critical information. This incident underscores the growing threat of ransomware in the automotive industry and highlights the need for enhanced cybersecurity measures.
About ElDorado Ransomware Group
ElDorado is a relatively new ransomware group that emerged in early 2024. It operates as a Ransomware-as-a-Service (RaaS) platform, and its malware is written in Golang, which allows for cross-platform capabilities. The ransomware targets both Windows and Linux systems, including VMware ESXi. It uses ChaCha20 for file encryption and RSA-OAEP for key encryption, and encrypted files bear a .00000001 extension.
The group actively recruits affiliates and pentesters on dark web forums, allowing them to customize attack parameters. ElDorado's tactics include encrypting files on shared networks using the SMB protocol and removing shadow volume copies on Windows to hinder recovery. The malware is designed to self-delete after execution to avoid detection.
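A defender-side sketch of how the behaviours described above could be hunted in endpoint telemetry, added here as an example and not taken from the original article or from any vendor tooling. The event format, host names, thresholds and the shadow-copy command patterns are assumptions; only the .00000001 extension, encryption over SMB shares and shadow copy removal come from the text.

```python
import re
from collections import defaultdict

ENCRYPTED_EXT = ".00000001"  # extension reported in the article
# Assumption: common Windows shadow-copy deletion command lines; the article
# does not say which command the malware runs.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete",
    re.IGNORECASE,
)
# Constructed sample telemetry (hypothetical hosts and paths, not from an incident).
SAMPLE_EVENTS = [
    {"ts": 100, "host": "ws-01", "type": "process", "cmdline": "vssadmin delete shadows /all /quiet"},
    {"ts": 101, "host": "ws-01", "type": "file", "path": r"\\fs01\inventory\cores.xlsx.00000001"},
    {"ts": 102, "host": "ws-01", "type": "file", "path": r"\\fs01\inventory\orders.db.00000001"},
    {"ts": 103, "host": "ws-01", "type": "file", "path": r"C:\Users\a\report.docx.00000001"},
    {"ts": 104, "host": "ws-02", "type": "file", "path": r"C:\tmp\part.00000001"},
    {"ts": 900, "host": "ws-02", "type": "file", "path": r"C:\tmp\notes.txt"},
]

def detect(events, min_files=3, window=60):
    """Return {host: finding} for hosts showing the described behaviours."""
    renamed = defaultdict(list)  # host -> [(ts, path)] of files with the extension
    shadow = defaultdict(list)   # host -> [ts] of shadow-copy deletion commands
    for ev in events:
        if ev["type"] == "file" and ev["path"].lower().endswith(ENCRYPTED_EXT):
            renamed[ev["host"]].append((ev["ts"], ev["path"]))
        elif ev["type"] == "process" and SHADOW_DELETE.search(ev["cmdline"]):
            shadow[ev["host"]].append(ev["ts"])
    findings = {}
    for host in set(renamed) | set(shadow):
        hits = sorted(renamed[host])
        burst, start = 0, 0  # largest count of matching files in any time window
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            burst = max(burst, end - start + 1)
        if burst >= min_files or shadow[host]:
            both = burst >= min_files and bool(shadow[host])
            findings[host] = {
                "burst": burst,
                "smb_paths": sum(1 for _, p in hits if p.startswith("\\\\")),
                "shadow_delete": bool(shadow[host]),
                "severity": "high" if both else "medium",
            }
    return findings
```

A single file with the extension (ws-02 in the sample) stays below the default threshold, which keeps one-off name collisions from alerting.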
Potential Vulnerabilities
The Recycler Core Company's extensive digital infrastructure and reliance on networked systems for inventory management and operations may have made them an attractive target for the ElDorado group. The company's commitment to sustainability and environmental conservation, while commendable, may have also introduced additional vulnerabilities through the integration of new technologies and systems.