Article 6NCWT New Linux Version of Ransomware Targets VMware ESXi

New Linux Version of Ransomware Targets VMware ESXi

by
EditorDavid
from Slashdot on (#6NCWT)
"Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments," reports BleepingComputer:In a report Wednesday, cybersecurity company Trend Micro says that the new Linux variant for TargetCompany ransomware makes sure that it has administrative privileges before continuing the malicious routine... Once on the target system, the payload checks if it runs in a VMware ESXi environment by executing the 'uname' command and looking for 'vmkernel.' Next, a "TargetInfo.txt" file is created and sent to the command and control (C2) server. It contains victim information such as hostname, IP address, OS details, logged-in users and privileges, unique identifiers, and details about the encrypted files and directories. The ransomware will encrypt files that have VM-related extensions (vmdk, vmem, vswp, vmx, vmsn, nvram), appending the ".locked" extension to the resulting files. Finally, a ransom note named "HOW TO DECRYPT.txt" is dropped, containing instructions for the victim on how to pay the ransom and retrieve a valid decryption key."After all tasks have been completed, the shell script deletes the payload using the 'rm -f x' command so all traces that can be used in post-incident investigations are wiped from impacted machines." Thanks to long-time Slashdot reader joshuark for sharing the article.

twitter_icon_large.pngfacebook_icon_large.png

Read more of this story at Slashdot.

External Content
Source RSS or Atom Feed
Feed Location https://rss.slashdot.org/Slashdot/slashdotMain
Feed Title Slashdot
Feed Link https://slashdot.org/
Feed Copyright Copyright Slashdot Media. All Rights Reserved.
Reply 0 comments