(844) 627-8267
(844) 627-8267

VMware ESXi targeted by TargetCompany for Linux ransomware | #ransomware | #cybercrime

Attacks with a Linux variant of the TargetCompany ransomware, also known as FARGO, Mallox, and Tohnichi, have been launched against VMware ESXi environments, BleepingComputer reports.

Such intrusions — which were attributed to TargetCompany ransomware affiliate “vampire” suspected of being behind reported attacks targeted at vulnerable Microsoft SQL servers — involved the deployment of a custom shell script that would ensure administrative privileges and the existence of a TargetInfo.txt file containing exfiltrated victim information before deploying the ransomware, which then proceeds to encrypt files with extensions related to VM, according to a report from Trend Micro. After delivering a ransom note detailing payment instructions, TargetCompany for Linux is then erased by the shell script via the ‘rm -f x’ command, said researchers.

Further analysis of the latest TargetCompany ransomware attacks showed that a China-based ISP provider’s IP addresses had been used for payload delivery and text file receipt but the origin of the attacker remains inconclusive.

Source link


National Cyber Security