Security News > 2020 > May > The ransomware that attacks you from inside a virtual machine
2020-05-22 16:07
To ensure their 49 kB Ragnar Locker ransomware ran undisturbed, the crooks behind the attack bought along a 280 MB Windows XP virtual machine to run it in.
VirtualBox is hypervisor software that can run and administer one or more virtual guest computers inside a host computer.
Typically, guests are sealed off from the host, and processes running inside the guest are unable to interact with the host's operating system.
Running their malware inside a virtual machine allowed them to hide it from the prying eyes of security software on the host.
With those drives mounted inside the guest, the ransomware could encrypt the files on them from inside the protective cocoon of the virtual machine.
News URL
Related news
- Kidney dialysis firm DaVita hit by weekend ransomware attack (source)
- Ahold Delhaize confirms data theft after INC ransomware claims attack (source)
- Interlock ransomware gang pushes fake IT tools in ClickFix attacks (source)
- Interlock ransomware claims DaVita attack, leaks stolen data (source)
- Ransomware attacks are getting smarter, harder to stop (source)
- Hitachi Vantara takes servers offline after Akira ransomware attack (source)
- Marks & Spencer breach linked to Scattered Spider ransomware attack (source)
- Ukrainian extradited to US for Nefilim ransomware attacks (source)
- US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks (source)
- Co-op confirms data theft after DragonForce ransomware claims attack (source)