Security News > 2020 > May > The ransomware that attacks you from inside a virtual machine
2020-05-22 16:07
To ensure their 49 kB Ragnar Locker ransomware ran undisturbed, the crooks behind the attack bought along a 280 MB Windows XP virtual machine to run it in.
VirtualBox is hypervisor software that can run and administer one or more virtual guest computers inside a host computer.
Typically, guests are sealed off from the host, and processes running inside the guest are unable to interact with the host's operating system.
Running their malware inside a virtual machine allowed them to hide it from the prying eyes of security software on the host.
With those drives mounted inside the guest, the ransomware could encrypt the files on them from inside the protective cocoon of the virtual machine.
News URL
Related news
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- Five backup lessons learned from the UnitedHealth ransomware attack (source)
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)
- SafePay ransomware gang claims Microlise attack that disrupted prison van tracking (source)
- Blue Yonder ransomware attack disrupts grocery store supply chain (source)
- Starbucks, grocery stores impacted by Blue Yonder ransomware attack (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Bologna FC confirms data breach after RansomHub ransomware attack (source)
- Vodka maker Stoli files for bankruptcy in US after ransomware attack (source)
- Romanian energy supplier Electrica hit by ransomware attack (source)