ESXi Environments The Target Of TargetCompanys Linux Variant
"The TargetCompany ransomware group has introduced a new Linux variant that employs a custom shell script for payload delivery and execution a first for this ransomware. This variant exfiltrates victim information to two servers and checks for VMWare ESXi environments to maximize disruption and ransom potential. The ransomware targets ESXi servers by encrypting files and appending a "".locked"" extension then dropping a ransom note. Discovered in June 2021 and known as ""Water Gatpanapun"" TargetCompanys activities are most prevalent in Taiwan India Thailand and South Korea. The group uses sophisticated techniques like PowerShell scripts to bypass security defenses and FUD obfuscator packers. The new Linux variant marks an evolution in their strategy aiming to exploit critical Linux environments. An affiliate named ""vampire"" has been linked to broader campaigns targeting large IT systems with high ransom demands."