elpaco
Intelligence Profile
Elpaco is a variant of Mimic ransomware that emerged around August 2023. Designed with significant customization and stealth in mind, it targets Windows systems and abuses the Everything search utility to speed up file discovery and, with it, encryption. Operators use various initial access methods, most notably RDP brute-force and the Zerologon vulnerability (CVE-2020-1472), to gain access, escalate privileges, and deliver the payload. The ransomware uses a 7z SFX dropper, deploys multi-threaded encryption, disables recovery options, and self-deletes after execution, leaving victims with encrypted files bearing Elpaco-specific extensions. It is recognized for its adaptability and advanced features compared to earlier Mimic variants.
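As an added example, not taken from this profile, the following correlation check scores hosts on the behaviour chain described above (Everything search utility running from a temp directory, recovery options being disabled, the payload removing itself). The sample events, process paths and command forms are constructed assumptions about what such telemetry could look like, not indicators from the page.

```python
import re
from collections import defaultdict

# Constructed sample process-creation events: (host, image path, command line).
# Illustrative records only, not real telemetry or known indicators.
EVENTS = [
    ("HOST-A", r"C:\Users\j\AppData\Local\Temp\7zSFX\Everything.exe",
     "Everything.exe -startup"),
    ("HOST-A", r"C:\Windows\System32\vssadmin.exe",
     "vssadmin delete shadows /all /quiet"),
    ("HOST-A", r"C:\Windows\System32\cmd.exe",
     r'cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\j\AppData\Local\Temp\7zSFX\elp.exe"'),
    ("HOST-B", r"C:\Program Files\Everything\Everything.exe",
     "Everything.exe -startup"),
]

# One predicate per behaviour named in the profile, over (image, cmdline).
BEHAVIOURS = {
    # Everything search utility launched outside its normal install location
    "everything_abuse": lambda img, cmd: img.lower().endswith(r"\everything.exe")
        and not img.lower().startswith(r"c:\program files"),
    # recovery options being disabled (assumed typical command forms)
    "recovery_disabled": lambda img, cmd: re.search(
        r"vssadmin\s+delete\s+shadows|bcdedit.*recoveryenabled\s+no|wbadmin\s+delete",
        cmd, re.I),
    # a temp-extracted executable being deleted by a shell (assumed self-delete pattern)
    "self_delete": lambda img, cmd: re.search(r"\bdel\b.*\\temp\\.*\.exe", cmd, re.I),
}

def score_hosts(events):
    """Return {host: set of matched behaviour names} for every host with a hit."""
    matched = defaultdict(set)
    for host, image, cmdline in events:
        for name, pred in BEHAVIOURS.items():
            if pred(image, cmdline):
                matched[host].add(name)
    return dict(matched)

def suspicious_hosts(events, threshold=2):
    """Hosts matching at least `threshold` distinct behaviours; a single hit
    (e.g. a legitimate Everything install) is not enough to raise an alert."""
    return sorted(h for h, names in score_hosts(events).items() if len(names) >= threshold)

if __name__ == "__main__":
    print(suspicious_hosts(EVENTS))  # prints ['HOST-A']
```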
Threat Analysis
elpaco is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations with a primarily financial motivation.
Financially motivated threat actors like elpaco prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.