Researchers at Trend Micro have analyzed a new Linux variant of the TargetCompany ransomware, which uses a custom shell script to deliver and execute its payload against VMware ESXi environments. The variant exfiltrates victim information to two different servers, which strengthens the ransomware actors’ ability to disrupt operations and raises the chances of a ransom payment. The Linux-based variant can detect whether the victim’s machine is running a VMware ESXi environment, a capability aimed at expanding its reach into critical Linux environments. By targeting ESXi servers, the threat actors behind TargetCompany seek to cause more damage and operational disruption. The finding underscores the importance of remaining vigilant against new ransomware variants and implementing cybersecurity best practices to protect organizational assets.
Article Source
https://www.trendmicro.com/en_us/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html