2024/06/10 17:07:19

TargetCompany (ransomware virus)

2024: The emergence of the virus

Cybersecurity experts at Trend Micro have discovered a new ransomware virus that attacks Linux operating systems and VMware virtualization environments. The virus, known as TargetCompany, uses sophisticated penetration and masking techniques to encrypt data and extort ransom from users. Trend Micro announced this in June 2024.

The virus previously attacked databases in Windows environments. This time, attackers targeted Linux systems, actively using shell scripts to deploy and run the malware. The virus is especially dangerous for VMware ESXi environments, where it encrypts files with key extensions and adds the .locked suffix to them.

Trend Micro cybersecurity experts discover new ransomware virus

According to Trend Micro experts, the attackers use PowerShell scripts and Fully Undetectable (FUD) packers to bypass security tools, which allows them to hide malicious activity. According to Trend Micro research, the attackers already have initial access to vulnerable SQL servers, from which the spread of the virus begins. The PowerShell script downloads the main malicious payload, which then profiles the system and sends the information to the command-and-control server, after which the file encryption process begins.

Mikhail Zaytsev, an information security expert at SEQ, noted that a successful attack on the virtualization environment could stop processes for all users of this environment. This creates significant difficulties for virtual host operators, as they are forced to simultaneously cope with the loss of time and resources.

According to him, the attackers behind TargetCompany have expanded their targets to include virtualization servers in order to cause more damage and increase the chances of a ransom being paid. This is done by checking the environment in which the virus is running, including detecting whether it is VMware ESXi. Once the virus detects that it is running in this environment, it begins to encrypt critical files, causing significant outages.
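The two observable effects the article describes (the ESXi-specific targeting and the .locked suffix added to VM files with key extensions) can be turned into a simple post-incident triage check. The following is an added example and not code from Trend Micro or the article: it walks a datastore directory, flags files whose name is a VM-related extension followed by .locked, and groups the hits by VM folder. The list of VM extensions and the sample datastore layout are assumptions constructed for the demonstration.

```python
import os
import tempfile
from collections import defaultdict

# Assumed set of VM file extensions found in ESXi datastores; the article only
# says the ransomware encrypts "files with key extensions" and appends ".locked".
VM_EXTENSIONS = {".vmdk", ".vmx", ".vmsd", ".vmsn", ".vmem", ".nvram", ".vswp"}
LOCKED_SUFFIX = ".locked"


def classify(name):
    """Return the original VM extension if `name` looks like an encrypted VM file, else None."""
    if not name.endswith(LOCKED_SUFFIX):
        return None
    stem = name[: -len(LOCKED_SUFFIX)]
    ext = os.path.splitext(stem)[1].lower()
    return ext if ext in VM_EXTENSIONS else None


def scan_datastore(root):
    """Walk a datastore tree and return {vm_folder: sorted list of encrypted VM files}."""
    hits = defaultdict(list)
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if classify(fn):
                hits[os.path.relpath(dirpath, root)].append(fn)
    return {folder: sorted(files) for folder, files in hits.items()}


def build_sample_datastore():
    """Create a constructed datastore layout in a temp dir (sample data, not a real incident)."""
    root = tempfile.mkdtemp(prefix="datastore1_")
    layout = {
        "vm-web01": ["vm-web01.vmx.locked", "vm-web01.vmdk.locked", "vmware.log"],
        "vm-db02": ["vm-db02.vmx", "vm-db02.vmdk"],          # untouched VM
        "vm-app03": ["vm-app03.nvram.locked", "notes.txt.locked"],  # .txt is not a VM file
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for fn in files:
            open(os.path.join(root, folder, fn), "w").close()
    return root


if __name__ == "__main__":
    root = build_sample_datastore()
    for vm, files in scan_datastore(root).items():
        print(f"{vm}: {files}")
```

Run against a real datastore root (for example a mounted copy of /vmfs/volumes/<datastore>), the output tells an operator which VMs need to be restored from backup rather than which can be powered back on.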

Trend Micro cybersecurity experts emphasize the need for enhanced protection against new variants of the ransomware virus. Implementing multi-factor authentication (MFA), regularly backing up data according to the 3-2-1 rule, and updating systems and applications on time can significantly reduce the risk of attack.

According to Trend Micro, the group responsible for the attacks on Linux systems is a group called Vampire, which previously attacked MS SQL databases. Research has shown that the IP addresses associated with delivery of the virus belong to the networks of an Internet provider in China.[1]

Notes