New Linux Variant of Play Ransomware Targeting VMware ESXi Systems

July 22, 2024 at 12:24AM
A new Linux variant of the Play ransomware, known for double extortion tactics, has been discovered by Trend Micro researchers. This variant targets VMware ESXi environments, expanding its potential victim pool. The ransomware has targeted industries such as manufacturing, IT, and retail, while collaborating with the services of Prolific Puma …

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

July 19, 2024 at 03:24AM
The Play ransomware group has developed a new Linux variant targeting ESXi environments, with potential collaboration with Prolific Puma. The ransomware utilizes evasion techniques and custom-built tools. To mitigate the risk of attacks on ESXi environments, it’s recommended to implement strong access controls, network segmentation, regular backups, and security monitoring. …

Mallox Ransomware Variant Targets Privileged VMware ESXi Environments

June 6, 2024 at 01:59PM
The Mallox ransomware group has introduced a new Linux variant that targets VMware ESXi environments. This variant uses a custom shell to execute ransomware on virtualized systems with high-level user privileges. The group has targeted various sectors and is now active in Taiwan, India, Thailand, and South Korea. Organizations are …

Linux version of TargetCompany ransomware focuses on VMware ESXi

June 5, 2024 at 07:19PM
A new Linux variant of TargetCompany ransomware targets VMware ESXi environments using a custom script to execute payloads, exfiltrate data, and drop a ransom note. Trend Micro reports the ransomware encrypts specific file extensions, attributes the attacks to an affiliate named “vampire,” and provides recommendations for defense. The operation’s shift …

TargetCompany’s Linux Variant Targets ESXi Environments

June 5, 2024 at 05:56AM
A new Linux variant of TargetCompany ransomware has been discovered, using a custom shell script to deliver and execute the payload, as well as exfiltrate victim information. This variant also targets VMware ESXi environments, potentially increasing the impact and chances of ransom payment. Trend Micro has observed increased activity of …