elpaco

ransomware group

Elpaco is a variant of Mimic ransomware that emerged around August 2023. Designed with significant customization and stealth in mind, it targets Windows systems by abusing the Everything search utility to optimize file discovery and accelerate encryption. Operators exploit various initial access methods—most notably RDP brute-force and the Zerologon vulnerability (CVE-2020-1472)—to gain access, escalate privileges, and deliver the payload. The ransomware uses a 7z SFX dropper, deploys multi-threaded encryption, disables recovery options, and self-deletes after execution, leaving victims with encrypted files bearing Elpaco-specific extensions. It's recognized for its adaptability and advanced features compared to earlier Mimic variants.