Ransomware, Threat Intelligence

VMware ESXi targeted by TargetCompany for Linux ransomware

Share
Closeup of a mobile phone screen with logo lettering of linux on computer keyboard

(Adobe Stock)

Attacks with a Linux variant of the TargetCompany ransomware, also known as FARGO, Mallox, and Tohnichi, have been launched against VMware ESXi environments, BleepingComputer reports.

Such intrusions — which were attributed to TargetCompany ransomware affiliate "vampire" suspected of being behind reported attacks targeted at vulnerable Microsoft SQL servers — involved the deployment of a custom shell script that would ensure administrative privileges and the existence of a TargetInfo.txt file containing exfiltrated victim information before deploying the ransomware, which then proceeds to encrypt files with extensions related to VM, according to a report from Trend Micro. After delivering a ransom note detailing payment instructions, TargetCompany for Linux is then erased by the shell script via the 'rm -f x' command, said researchers.

Further analysis of the latest TargetCompany ransomware attacks showed that a China-based ISP provider's IP addresses had been used for payload delivery and text file receipt but the origin of the attacker remains inconclusive.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Related

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems

Attacks with Wolfsbane commence with the deployment of the 'cron' dropper delivering the KDE desktop component-spoofing launcher, which deactivates SELinux and alters user configuration files before triggering the privacy malware component that has file operation, data theft, and system manipulation command support, an analysis from ESET revealed.

ONNX phishing-as-a-service operation disrupted

Organizations in the financial services sector have been primarily targeted by the ONNX, whose Telegram-based operations had been cut off following a court order that allowed Microsoft to transfer the PhaaS platform's infrastructure to its servers, according to Microsoft Digital Crimes Unit Assistant General Counsel Steven Masada.

Ransomware attacks primarily caused by poor cyber hygiene

Aside from primarily leveraging basic usernames for their accounts, organizations impacted by ransomware intrusions from July to September — including those in the government and healthcare industries — also mostly failed to implement multi-factor authentication that could have deterred brute-force attacks.

Related Events

Related Terms

Black HatBotnetBusiness Email Compromise (BEC)Deauthentication AttackDictionary AttackDistributed ScansDomain HijackingFault Line AttacksPassword CrackingReconnaissance

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.