Python ransomware strikes virtual machines in 'ultra-high-speed' attacks

Cybersecurity experts have shared details about a speedy new ransomware campaign attacking virtual machines (VMs) hosted on a VMware ESXi hypervisor.

Describing it as a sniper-like operation, Sophos researchers claim that it took the attackers less than three hours from breaching the target to encrypting it.

"This is one of the quickest ransomware attacks Sophos has ever investigated and it appeared to precision-target the ESXi platform," said Andrew Brandt, principal researcher at Sophos.

The researchers note that while malware that runs under a Linux-like operating system, such as the one ESXi uses, is still comparatively uncommon, hypervisors are an attractive target since the VMs they host typically run business-critical services.

Splash and dash

Sophos researchers add that even notorious ransomware operators such as DarkSide and REvil have targeted ESXi servers.

However, two aspects of this specific attack that stand out are the speed shown by the attackers, and the use of Python ransomware.

The attackers logged into the network after compromising a TeamViewer account that was running in the background on a computer that belonged to a user with Domain Administrator credentials.

Ten minutes after logging in, the attackers downloaded an IP scanner to map the network. Soon after identifying the ESXi host, the attackers discovered that the target's staff had erroneously forgotten to disable the built-in SSH service in ESXi.

It didn't take them long to log into the hypervisor to deploy the Python ransomware.

"Python is a coding language not commonly used for ransomware. However, Python is pre-installed on Linux-based systems such as ESXi, and this makes Python-based attacks possible on such systems," reason the researchers, who managed to recover the ransomware for analysis after putting in some serious effort.

In their analysis, the researchers dissect the 6kb ransomware, which was pretty dextrous and offered several customizable options to the attackers, in order to help admins secure their environments from a similar attempt.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he's TechRadar Pro's expert on the topic. Of course, he's just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Source: https://www.techradar.com/news/python-ransomware-strikes-virtual-machines-in-ultra-high-speed-attacks