New Attack TTP - Virtual Machines used for Ransomware
By MYBRANDBOOK
A new ransomware attack method takes defense evasion to a new level-deploying as a full virtual machine on each targeted device to hide the ransomware from view. In a recently detected attack, Ragnar Locker ransomware was deployed inside an Oracle VirtualBox Windows XP virtual machine. This is the first time Sophos has seen this kind of TTP used for a ransomware attack, according to Mark Loman, director of engineering, Threat Mitigation at Sophos. says, Mark Loman, director of engineering, Threat Mitigation at Sophos who further explains the attack.
SophosLabs Uncut has posted, “Ragnar Locker ransomware deploys virtual machine to dodge security,” a blog article that details a new Ragnar Locker TTP discovery, including a recent shift to deploy a well-known trusted hypervisor to hundreds of endpoints at the same time. This is the first time Sophos has seen this kind of TTP used for a ransomware attack, according to Mark Loman, director of engineering, Threat Mitigation at Sophos.
This shows on how the attackers have advanced their methods and attempts to evade detection. the research further says,
“In the last few months, we’ve seen ransomware evolve in several ways. But, the Ragnar Locker adversaries are taking ransomware to a new level and thinking outside of the box. They are deploying a well-known trusted hypervisor to hundreds of endpoints simultaneously, together with a pre-installed and pre-configured virtual disk image guaranteed to run their ransomware. Like a ghost able to interact with the material world, their virtual machine is tailored per endpoint, so it can encrypt the local disks and mapped network drives on the physical machine, from within the virtual plane and out of the detection realm of most endpoint protection products. The overhead involved to covertly run their 50 kilobyte ransomware seems like a bold, noisy move, but could pay-off in some networks that are not properly protected against ransomware,” said Mark Loman, director of engineering, Threat Mitigation at Sophos. “This is the first time we have seen virtual machines used for ransomware.”
Happiest Minds brings in an innovative GenAI chatbot
Happiest Minds Technologies has announced the new GenAI chatbot - ‘hAPPI...
Government mandates encryption for CCTV cameras to ensure netw
In the wake of issuing an internal advisory on securing CCTV cameras at g...
TRAI recommends allowing only Indian entities to participate i
The Telecom Regulatory Authority of India (TRAI) has recommended that onl...
Galaxy AI is available on more devices with Samsung One UI 6.1
Samsung has expanded the range of smartphones to which One UI 6.1 and Gala...
CENTRE FOR DEVELOPMENT OF TELEMATICS
HIMACHAL FUTURISTIC COMMUNICATIONS LTD.
TEJAS NETWORKS INDIA PVT. LTD.
DIGISOL SYSTEMS LTD.
Technology Icons Of India 2023: Sridhar Vembu
Sridhar Vembu is an Indian billionaire business magnate and the Founde...
Technology Icons Of India 2023: Sunil Bharti Mittal
Sunil Bharti Mittal is the Founder and Chairman of Bharti Enterprises,...
Technology Icons Of India 2023: Lt Gen (Dr.) Rajesh Pant (Retd.)
LT Gen(Dr.) Rajesh Panth (Retd.), National cyber security coordination...
C-DAC keeps India ahead in IT & Electronics R&D space
Centre for Development of Advanced Computing (C-DAC) is the premier R&...
New defence PSUs will help India become self-reliant
MIL, India’s biggest manufacturer and market leader is engaged in Pr...
NPCI leading India towards Digital payments
The National Payments Corporation of India (NPCI) is an initiative tak...
B D SOFTWARE
BD Software is the distributor of IT security solutions in India. The ...
EXCLUSIVE NETWORKS SALES INDIA PVT. LTD.
Exclusive Networks is a globally trusted cybersecurity specialist hel...
SAVEX TECHNOLOGIES PVT. LTD.
Savex Technologies is the 3rd largest Information & Communication Tec...