ElDorado is a ransomware-as-a-service (RaaS) group that emerged in March 2024 and later rebranded as BlackLock. The group's primary motivation is financial gain, achieved through double extortion tactics that involve encrypting victims' data and exfiltrating sensitive information with threats of public release. ElDorado is distinguished by its use of a highly effective, custom-built ransomware written in Golang, designed to target both Windows and Linux systems. A Russian-speaking representative advertised the RaaS offering on cybercriminal forums to recruit affiliates, indicating a structured criminal operation rather than a loose collective.
MITRE techniques
T1027, T1059.001, T1074.001, T1486, T1552, T1490
RansomLook pivots
Data, intelligence, and external references for cross-checking the actor's ransomware activity.
United Arab Emirates; Argentina; Canada; Congo, the Democratic Republic of the; Spain; France; United Kingdom; Croatia; Italy; Japan
Target sectors (SOCRadar)
Construction of Buildings; Food Manufacturing; Other Information Services; Enterprises & Holding; Accommodation; Manufacturing; Construction; Electrical Equipment, Appliance, and Component Manufacturing; Public Administration; Administrative & Waste Management