
Trend Micro recommends several measures for organizations to protect themselves against ransomware attacks like the Linux version of TargetCompany ransomware:
Enable multifactor authentication (MFA): MFA adds an extra layer of security by requiring users to provide more than one form of authentication to access their accounts or systems. This can help prevent unauthorized access by attackers who may have obtained user credentials through phishing or other means.
Create backups: Regularly backing up critical data can help organizations recover from ransomware attacks without having to pay the ransom. It is important to keep backup files offsite and disconnected from the main network to prevent them from being encrypted by the ransomware.
Keep systems updated: Ensuring that all software, firmware, and operating systems are up to date with the latest patches can help prevent ransomware attacks that exploit known vulnerabilities. This includes regularly updating anti-malware applications and enabling behavior monitoring features to detect and block suspicious activities.
Implement network segmentation: Segmenting the network can help limit the spread of ransomware in case of an infection. By separating critical systems and data from the main network, organizations can minimize the impact of an attack and make it more difficult for ransomware to propagate.
Monitor for suspicious activity: Regularly monitoring network traffic and system logs can help detect unusual activity that may be associated with a ransomware attack. This can include monitoring for file renaming or encryption activities, as well as monitoring for unauthorized access attempts or unusual data exfiltration.
Implement access controls: Restricting user privileges and implementing access controls can help prevent ransomware from gaining access to critical systems and data. This can include using the principle of least privilege, where users are granted only the minimum level of access necessary to perform their job functions.
Train employees: Educating employees about the risks of ransomware and how to identify and avoid potential threats can help prevent infections. This can include providing regular security awareness training and encouraging employees to report suspicious activity.
By following these recommendations, organizations can significantly reduce their risk of falling victim to ransomware attacks and better protect their critical data and systems.

The "TargetInfo.txt" file that the ransomware sends to the command and control (C2) server contains victim information such as hostname, IP address, OS details, logged-in users and privileges, unique identifiers, and details about the encrypted files and directories. This information is used by the attackers to get a better understanding of the compromised system and to potentially tailor their attack or ransom demands based on the data gathered.

The ransomware identifies that it is operating within a VMware ESXi environment by executing the 'uname' command and looking for 'vmkernel'.
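The two behaviours described above (the 'uname' check and the "TargetInfo.txt" file sent to the C2 server) can be combined into one correlation rule for the log monitoring recommended earlier. This is an added example, not code from Trend Micro's report. The JSON event format, field names, file paths, 120-second window and severity tiers are assumptions, and the sample events are constructed.

```python
import json
import posixpath
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=120)  # assumed correlation window

# Constructed sample telemetry in a hypothetical JSON-lines format.
SAMPLE_EVENTS = """\
{"ts":"2024-06-01T02:14:03","host":"esx01","ppid":4101,"type":"exec","detail":"uname -a"}
{"ts":"2024-06-01T02:14:09","host":"esx01","ppid":4101,"type":"file_write","detail":"/tmp/TargetInfo.txt"}
{"ts":"2024-06-01T02:14:15","host":"esx01","ppid":4101,"type":"net_connect","detail":"203.0.113.7:80"}
{"ts":"2024-06-01T09:30:00","host":"web02","ppid":880,"type":"exec","detail":"uname -r"}
{"ts":"2024-06-01T11:00:00","host":"db03","ppid":77,"type":"file_write","detail":"/home/ops/TargetInfo.txt"}
"""

def parse_events(text):
    """Parse JSON-lines events and return them sorted by timestamp."""
    events = []
    for line in text.strip().splitlines():
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])

def detect(events):
    """Flag TargetInfo.txt writes and grade them by surrounding activity.

    'uname' alone is far too common to alert on, so the rule keys on the
    file write and uses 'uname' and outbound connections as corroboration.
    """
    findings = []
    for write in events:
        name = posixpath.basename(write["detail"]).lower()
        if write["type"] != "file_write" or name != "targetinfo.txt":
            continue
        # Only events from the same host and parent process are correlated.
        related = [e for e in events
                   if (e["host"], e["ppid"]) == (write["host"], write["ppid"])]
        recon = any(e["type"] == "exec"
                    and posixpath.basename(e["detail"].split(" ")[0]) == "uname"
                    and timedelta(0) <= write["ts"] - e["ts"] <= WINDOW
                    for e in related)
        egress = [e["detail"] for e in related if e["type"] == "net_connect"
                  and timedelta(0) <= e["ts"] - write["ts"] <= WINDOW]
        # high: uname before and egress after; medium: one of them; low: file only
        severity = "high" if recon and egress else "medium" if recon or egress else "low"
        findings.append({"host": write["host"], "file": write["detail"],
                         "severity": severity, "egress": egress})
    return findings
```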