June 5, 2024 at 05:56AM
A new Linux variant of TargetCompany ransomware has been discovered, using a custom shell script to deliver and execute the payload, as well as exfiltrate victim information. This variant also targets VMware ESXi environments, potentially increasing the impact and chances of ransom payment. Trend Micro has observed increased activity of this ransomware group in several Asian countries.
Based on the meeting notes, here are the key takeaways:
1. TargetCompany has developed a new Linux variant of its ransomware that uses a custom shell script for payload delivery and execution; the same script exfiltrates victim information to two different servers, apparently so that the attackers hold a backup copy of the data.
2. This Linux-based variant specifically targets VMware ESXi environments, aiming to disrupt operations more effectively and increase the chances of a ransom payout.
3. The ransomware's infrastructure includes IP addresses hosted by China Mobile Communications and uses a short-lived HTTPS certificate, which suggests the IP address is intended for only short-term use.
4. The emergence of this new Linux variant underscores the need for vigilance against evolving ransomware threats; multifactor authentication, regular system patching, and sound backup practices help mitigate the risk.
The meeting notes also include indicators of compromise (IOCs), URLs related to the ransomware payload, and the MITRE ATT&CK tactics and techniques used by the ransomware. Security teams can use these details to detect the TargetCompany ransomware and limit its impact.