New Linux Ransomware Targets VMware ESXi: Admin Privileges Required, Files Locked

Researchers discovered a new Linux variant of TargetCompany ransomware that targets VMware ESXi environments. This sneaky malware ensures it has administrative privileges before encrypting files with VM-related extensions, leaving them with a “.locked” suffix. Oh, and it cleans up after itself too—talk about a tidy cyber-criminal!

3P
Published: June 8, 2024 9:42 pmAdded: June 8, 2024 at 2:50 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Move over, Hollywood hackers—there’s a new villain in town, and it’s targeting your virtual machines with all the subtlety of a bull in a VMware shop!

Key Points:

  • New Linux variant of TargetCompany ransomware targets VMware ESXi environments.
  • Secures administrative privileges before executing malicious activities.
  • Uses ‘uname’ command to detect VMware ESXi environment and creates “TargetInfo.txt” file.
  • Encrypts VM-related files and appends the “.locked” extension.
  • Deletes payload post-encryption to erase traces of the attack.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?