Ransomware, Threat Intelligence

VMware ESXi targeted by TargetCompany for Linux ransomware

Closeup of a mobile phone screen with logo lettering of linux on computer keyboard

Attacks with a Linux variant of the TargetCompany ransomware, also known as FARGO, Mallox, and Tohnichi, have been launched against VMware ESXi environments, BleepingComputer reports.

Such intrusions — which were attributed to TargetCompany ransomware affiliate "vampire" suspected of being behind reported attacks targeted at vulnerable Microsoft SQL servers — involved the deployment of a custom shell script that would ensure administrative privileges and the existence of a TargetInfo.txt file containing exfiltrated victim information before deploying the ransomware, which then proceeds to encrypt files with extensions related to VM, according to a report from Trend Micro. After delivering a ransom note detailing payment instructions, TargetCompany for Linux is then erased by the shell script via the 'rm -f x' command, said researchers.

Further analysis of the latest TargetCompany ransomware attacks showed that a China-based ISP provider's IP addresses had been used for payload delivery and text file receipt but the origin of the attacker remains inconclusive.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

You can skip this ad in 5 seconds