TargetCompany Ransomware Targets VMware ESXi on Linux

TL;DR Summary
A new Linux variant of the TargetCompany ransomware, also known as Mallox, FARGO, and Tohnichi, is targeting VMware ESXi environments, using a custom shell script to deliver and execute payloads. The variant ensures it has administrative privileges, exfiltrates data, and encrypts VM-related files, appending a ".locked" extension to them. The ransomware operation, active since June 2021, has primarily targeted database systems in Asia. Trend Micro attributes the latest attacks to an affiliate named "vampire" and recommends measures such as enabling MFA, creating backups, and keeping systems updated.

Source: "Linux version of TargetCompany ransomware focuses on VMware ESXi" (BleepingComputer)