Security News > 2024 > June > Linux version of TargetCompany ransomware focuses on VMware ESXi
Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads.
In a report today, cybersecurity company Trend Micro says that the new Linux variant for TargetCompany ransomware makes sure that it has administrative privileges before continuing the malicious routine.
Trend Micro analysts are attributing the attacks deploying the new Linux variant of TargetCompany ransomware to an affiliate named "Vampire," who is likely the same one in a Sekoia report last month.
Typically, TargetCompany ransomware focused on Windows machines but the release of the Linux variant and the shift to encrypting VMWare ESXi machines shows the evolution of the operation.
The researchers provide a list of indicators of compromise with hashes for the Linux ransomware version, the custom shell script, and samples related to the affiliate 'vampire.
Hosting firm's VMware ESXi servers hit by new SEXi ransomware.
News URL
Related news
- Linux version of RansomHub ransomware targets VMware ESXi VMs (source)
- Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern (source)
- UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs (source)
- VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi (source)