Linux version of TargetCompany ransomware focuses on VMware ESXi

Submitted by Style Pass, 2024-06-08 23:30:03

Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads.

Also known as Mallox, FARGO, and Tohnichi, the TargetCompany ransomware operation emerged in June 2021 and has been focusing on database attacks (MySQL, Oracle, SQL Server) against organizations mostly in Taiwan, South Korea, Thailand, and India.

In February 2022, antivirus firm Avast announced the availability of a free decryption tool that covered variants released up to that date. By September, though, the gang bounced back into regular activity targeting vulnerable Microsoft SQL servers and threatened victims with leaking stolen data over Telegram.

In a report today, cybersecurity company Trend Micro says that the new Linux variant for TargetCompany ransomware makes sure that it has administrative privileges before continuing the malicious routine.
