Ransomware Evolution: New Linux Variant Targets VMware ESXi with Vicious Precision
A new Linux variant of TargetCompany ransomware, targeting VMware ESXi environments, has emerged. This malware, also known as Mallox, FARGO, and Tohnichi, uses a custom shell script to deliver payloads and encrypt files, marking an evolution in their ransomware operations. Stay vigilant and update your…

Hot Take:
Looks like ransomware gangs are getting a Linux education! TargetCompany, a.k.a. Mallox, FARGO, and Tohnichi, has graduated to attacking VMware ESXi environments with a custom shell script. Guess they got tired of playing in Windows’ sandbox and decided to take a stroll on the Linux wild side!
Key Points:
- TargetCompany ransomware, also known as Mallox, FARGO, and Tohnichi, now has a Linux variant targeting VMware ESXi environments.
- This new variant uses a custom script to deliver and execute payloads, exfiltrating data to multiple servers for redundancy.
- The ransomware checks for VMware ESXi by looking for ‘vmkernel’, then encrypts VM-related files and appends a ‘.locked’ extension to them.
- A ransom note, “HOW TO DECRYPT.txt,” is left with instructions for victims to pay up and get a decryption key.
- Trend Micro attributes the attacks to an affiliate named “vampire,” with IP addresses traced back to an ISP in China.
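
The two on-disk indicators in the key points above (the appended ‘.locked’ extension and the “HOW TO DECRYPT.txt” note) can be swept for with a short triage script. This is an added example, not code from the article or from Trend Micro. The `VM_EXTS` list of VMware file types and all function names are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Assumed list of common VMware file types; the article only says
# "VM-related files" and does not enumerate them.
VM_EXTS="vmdk vmx vmxf vmsn vmsd vmem vswp nvram"
NOTE_NAME="HOW TO DECRYPT.txt"   # ransom note name given in the article

# list_locked DIR: VM files carrying the appended .locked suffix
list_locked() {
    for ext in $VM_EXTS; do
        find "$1" -type f -name "*.${ext}.locked" 2>/dev/null
    done
}
list_notes() { find "$1" -type f -name "$NOTE_NAME" 2>/dev/null; }
count_lines() { wc -l | tr -d ' '; }

# affected_dirs DIR: unique directories holding either indicator
affected_dirs() {
    { list_locked "$1"; list_notes "$1"; } |
        while IFS= read -r f; do dirname "$f"; done | sort -u
}

# triage DIR: one-line summary; SUSPECT if any indicator is present
triage() {
    locked=$(list_locked "$1" | count_lines)
    notes=$(list_notes "$1" | count_lines)
    dirs=$(affected_dirs "$1" | count_lines)
    verdict=CLEAN
    if [ "$locked" -gt 0 ] || [ "$notes" -gt 0 ]; then verdict=SUSPECT; fi
    echo "$verdict locked=$locked notes=$notes dirs=$dirs"
}

# Constructed sample tree (not real data) so the script runs offline
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/vm01" "$d/vm02" "$d/iso"
    : > "$d/vm01/vm01.vmdk.locked"
    : > "$d/vm01/vm01.vmx.locked"
    : > "$d/vm01/$NOTE_NAME"
    : > "$d/vm02/vm02.vmdk"          # untouched VM, must not count
    : > "$d/iso/notes.txt.locked"    # .locked but not a VM file type: ignored
    echo "$d"
}

sample=$(make_sample)
triage "$sample"
rm -rf "$sample"
```

Point `triage` at a datastore mount or a forensic copy of one; `affected_dirs` lists the VM folders to prioritise for restore.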