Security News > 2020 > May > The ransomware that attacks you from inside a virtual machine
To ensure their 49 kB Ragnar Locker ransomware ran undisturbed, the crooks behind the attack bought along a 280 MB Windows XP virtual machine to run it in.
VirtualBox is hypervisor software that can run and administer one or more virtual guest computers inside a host computer.
Typically, guests are sealed off from the host, and processes running inside the guest are unable to interact with the host's operating system.
Running their malware inside a virtual machine allowed them to hide it from the prying eyes of security software on the host.
With those drives mounted inside the guest, the ransomware could encrypt the files on them from inside the protective cocoon of the virtual machine.
News URL
Related news
- Six ransomware gangs behind over 50% of 2024 attacks (source)
- CISA warns of Jenkins RCE bug exploited in ransomware attacks (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds (source)
- Most ransomware attacks occur between 1 a.m. and 5 a.m. (source)
- New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data (source)
- Lateral movement: Clearest sign of unfolding ransomware attack (source)
- BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave (source)
- U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks (source)
- Ransomware crisis deepens as attacks and payouts rise (source)