ElDorado Ransomware Group Strikes Baker Triangle: 2.7TB Data Theft

Incident Date: Jun 06, 2024

Attack Overview
VICTIM
Baker Triangle
INDUSTRY
Construction
LOCATION
USA
ATTACKER
ElDorado
FIRST REPORTED
June 6, 2024

ElDorado Ransomware Group Targets Baker Triangle in Major Cyber Attack

Overview of Baker Triangle

Founded in 1974 by Bryan Baker, Baker Triangle is a leading drywall and plaster specialty contractor based in Mesquite, Texas. The company has grown to become one of the largest wall and ceiling contractors in the nation, employing approximately 1,323 individuals. Specializing in commercial construction services, Baker Triangle offers expertise in drywall systems, plastering, and prefabrication. Their commitment to high-quality services and innovative construction methods has made them a significant player in the industry.

Details of the Ransomware Attack

The ransomware group ElDorado has claimed responsibility for a cyber attack on Baker Triangle, resulting in the theft of 2.7TB of data. The attack was announced on ElDorado's dark web leak site, where the stolen data has been put up for sale. With Baker Triangle's revenue estimated at $91.6 million, the impact of this data breach could be substantial.

About ElDorado Ransomware Group

Since its emergence in 2024, ElDorado has quickly gained notoriety for its double-extortion tactics. This method involves not only encrypting victims' files but also exfiltrating sensitive data, which is then used to pressure victims into paying the ransom. The group has claimed 15 victims over seven months, demonstrating a sophisticated and well-coordinated operation. ElDorado's attacks are characterized by meticulous targeting and the use of robust encryption algorithms, making it difficult for victims to recover their data without paying the ransom.

Potential Vulnerabilities and Attack Penetration

In the construction sector, companies like Baker Triangle may have been targeted due to potential vulnerabilities in their cybersecurity defenses. ElDorado commonly uses phishing attacks, unpatched software vulnerabilities, and weaknesses in Remote Desktop Protocol (RDP) configurations to infiltrate systems. Once inside, they conduct thorough reconnaissance to identify valuable data, which is then exfiltrated and encrypted. The group's use of legitimate system administration tools for malicious purposes makes their activities harder to detect.

Implications for Baker Triangle

This ransomware attack on Baker Triangle underscores the growing threat posed by sophisticated cybercriminal groups like ElDorado. The theft and potential sale of 2.7TB of data could have significant financial and reputational repercussions for the company. As the construction industry continues to digitize, the importance of robust cybersecurity measures cannot be overstated.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.