BleepingComputer recently reported on a series of attacks using a Linux variant of the TargetCompany ransomware, which is also known as FARGO, Mallox, and Tohnichi. The attacks specifically targeted VMware ESXi environments and were attributed to the ransomware affiliate “Vampire,” which is also suspected of targeting vulnerable Microsoft SQL servers.
The attackers used a custom shell script to gain administrative privileges on the compromised host. They also created a TargetInfo.txt file containing victim information, which was then exfiltrated from the system. The ransomware was then deployed, encrypting files with VM-related extensions. Once encryption was complete, the attackers left a ransom note with detailed payment instructions.
According to researchers at Trend Micro, the shell script then deleted the Linux variant of TargetCompany with the “rm -fx” command, removing the payload from disk after it had run. Further investigation revealed that IP addresses belonging to a China-based ISP were used to deliver the payloads and to receive the text files, but the exact origin of the attackers remains unclear.
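The chain described above leaves artifacts on the datastore that a defender can hunt for: the TargetInfo.txt staging file, VM files that have gained an extra extension, and .vmx configuration files that are no longer plain text. The script below is an added example written for this page; it is not code from the article, BleepingComputer or Trend Micro. The list of VM extensions and the assumption that the ransomware appends a suffix (the brief does not name one) are assumptions; the `.enc` suffix in the fixture is a placeholder. On an ESXi host it would be pointed at `/vmfs/volumes/<datastore>`.

```shell
#!/bin/sh
# Added triage example, not code from the article, Trend Micro or BleepingComputer.
# Walks a datastore path and reports three artifacts that follow from the attack
# chain described above: the TargetInfo.txt staging file, VM files that gained an
# appended extension (assumed behaviour; the brief gives no suffix), and .vmx
# configuration files that no longer look like plain-text VMware config.
# VM_EXTS is an assumption based on standard ESXi file types, not from the brief.
# On an ESXi host this would run against /vmfs/volumes/<datastore>.

VM_EXTS="vmdk vmx vmxf vmsd vmsn vswp vmem nvram"

# hunt_datastore DIR  -> one "kind: path" line per finding on stdout
hunt_datastore() {
    dir="$1"

    # 1. Staging file named in the brief (victim info collected before exfil).
    find "$dir" -type f -name 'TargetInfo.txt' 2>/dev/null \
        | sed 's/^/staging-file: /'

    # 2. VM files renamed with an extra suffix, e.g. disk-flat.vmdk.<suffix>.
    #    Rotated vmware.log.N files are deliberately not in VM_EXTS.
    for ext in $VM_EXTS; do
        find "$dir" -type f -name "*.${ext}.*" 2>/dev/null \
            | sed 's/^/renamed-vm-file: /'
    done

    # 3. .vmx files whose first 512 bytes lack the usual config.version key:
    #    a healthy .vmx is plain text; an encrypted one is opaque bytes.
    find "$dir" -type f -name '*.vmx' 2>/dev/null | while read -r f; do
        if ! head -c 512 "$f" | grep -q 'config.version'; then
            echo "opaque-vmx: $f"
        fi
    done
}

# count_findings DIR -> number of finding lines (usable as an alert threshold)
count_findings() {
    hunt_datastore "$1" | wc -l | tr -d ' '
}

# make_sample_datastore DIR -> constructed fixture for testing, not real victim data
make_sample_datastore() {
    d="$1/vm1"
    mkdir -p "$d"
    printf '.encoding = "UTF-8"\nconfig.version = "8"\n' > "$d/vm1.vmx"   # healthy
    printf '# Disk DescriptorFile\nversion=1\n' > "$d/vm1.vmdk"            # healthy
    : > "$d/vm1-flat.vmdk.enc"                         # ".enc" is a placeholder suffix
    printf '\001\002\003\377\376binary' > "$d/vm2.vmx"  # looks encrypted
    : > "$d/TargetInfo.txt"
    : > "$d/vmware.log"                                # benign, must not be flagged
}

# Usage: sh hunt.sh /vmfs/volumes/datastore1
if [ -n "${1:-}" ]; then
    hunt_datastore "$1"
fi
```

The `.vmx` header check is the most robust of the three because it does not depend on knowing the suffix the ransomware appends; a .vmx that has been encrypted in place will fail it regardless of naming. Run the script from a read-only or forensic mount where possible so that timestamps on the datastore are preserved.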
Overall, these attacks show that ransomware increasingly targets Linux hosts, VMware ESXi among them, and not only Windows systems. Organizations should ensure they have proper security measures in place to protect these environments and should review their defenses regularly to keep pace with evolving ransomware tactics.
Article Source
https://www.scmagazine.com/brief/VMware-esxi-targeted-by-targetcompany-for-linux-ransomware