VMware ESXi targeted by TargetCompany for Linux ransomware

Attacks with a Linux variant of the TargetCompany ransomware, also known as FARGO, Mallox, and Tohnichi, have been launched against VMware ESXi environments, BleepingComputer reports.

According to a report from Trend Micro, the intrusions were attributed to a TargetCompany ransomware affiliate known as "vampire", who is suspected of being behind reported attacks on vulnerable Microsoft SQL servers. They involved the deployment of a custom shell script that would ensure administrative privileges and the existence of a TargetInfo.txt file containing exfiltrated victim information before deploying the ransomware, which then proceeds to encrypt files with VM-related extensions. After a ransom note detailing payment instructions is delivered, the shell script erases TargetCompany for Linux via the 'rm -f x' command, researchers said.

Further analysis of the latest TargetCompany ransomware attacks showed that IP addresses belonging to a China-based ISP had been used for payload delivery and for receipt of the text file, but the origin of the attacker remains inconclusive.
