New Attack TTP - Virtual Machines used for Ransomware
By MYBRANDBOOK
A new ransomware attack method takes defense evasion to a new level by deploying a full virtual machine on each targeted device to hide the ransomware from view. In a recently detected attack, Ragnar Locker ransomware was deployed inside an Oracle VirtualBox Windows XP virtual machine. This is the first time Sophos has seen this kind of TTP used for a ransomware attack, according to Mark Loman, director of engineering, Threat Mitigation at Sophos, who further explains the attack below.
SophosLabs Uncut has posted “Ragnar Locker ransomware deploys virtual machine to dodge security,” a blog article that details the new Ragnar Locker TTP, including a recent shift to deploying a well-known, trusted hypervisor to hundreds of endpoints at the same time.
This shows how far the attackers have advanced their methods in an attempt to evade detection. The research further says:
“In the last few months, we’ve seen ransomware evolve in several ways. But, the Ragnar Locker adversaries are taking ransomware to a new level and thinking outside of the box. They are deploying a well-known trusted hypervisor to hundreds of endpoints simultaneously, together with a pre-installed and pre-configured virtual disk image guaranteed to run their ransomware. Like a ghost able to interact with the material world, their virtual machine is tailored per endpoint, so it can encrypt the local disks and mapped network drives on the physical machine, from within the virtual plane and out of the detection realm of most endpoint protection products. The overhead involved to covertly run their 50 kilobyte ransomware seems like a bold, noisy move, but could pay off in some networks that are not properly protected against ransomware,” said Mark Loman, director of engineering, Threat Mitigation at Sophos. “This is the first time we have seen virtual machines used for ransomware.”
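The pattern Loman describes, a desktop hypervisor suddenly appearing on hundreds of endpoints at once, is itself a detection opportunity. The following is an added example (not code from the article, Sophos or Ragnar Locker) that runs two defensive checks over constructed process-creation telemetry: hypervisor executables starting on hosts outside an allowlist, and a burst of first-time hypervisor starts across many hosts in a short window. The executable names, hostnames, paths and allowlist are assumptions for the example.

```python
import json
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumed, not from the article: VirtualBox executable names as they appear in
# process-creation telemetry (Sysmon Event ID 1, EDR process-start events).
HYPERVISOR_IMAGES = {"virtualbox.exe", "vboxheadless.exe", "vboxmanage.exe", "vboxsvc.exe"}
# Assumed allowlist: hosts where a desktop hypervisor is expected (e.g. developer workstations).
ALLOWED_HYPERVISOR_HOSTS = {"dev-ws-01"}

# Constructed sample telemetry, one JSON event per line; hostnames and paths are invented.
SAMPLE_LOG = r"""
{"ts": "2020-05-21T10:00:00", "host": "dev-ws-01", "image": "C:\\Program Files\\Oracle\\VirtualBox\\VirtualBox.exe"}
{"ts": "2020-05-21T10:01:00", "host": "fin-pc-07", "image": "C:\\Windows\\Temp\\vbox\\VBoxHeadless.exe"}
{"ts": "2020-05-21T10:01:30", "host": "fin-pc-12", "image": "C:\\Windows\\Temp\\vbox\\VBoxHeadless.exe"}
{"ts": "2020-05-21T10:02:00", "host": "hr-pc-03", "image": "C:\\Windows\\Temp\\vbox\\VBoxHeadless.exe"}
{"ts": "2020-05-21T10:02:30", "host": "hr-pc-03", "image": "C:\\Windows\\System32\\svchost.exe"}
{"ts": "2020-05-21T15:30:00", "host": "ops-pc-09", "image": "C:\\Windows\\Temp\\vbox\\VBoxHeadless.exe"}
"""

def parse_events(text):
    """Parse one JSON event per line; 'ts' becomes a datetime."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events

def is_hypervisor_start(ev):
    return PureWindowsPath(ev["image"]).name.lower() in HYPERVISOR_IMAGES

def detect(text, window=timedelta(minutes=10), threshold=3):
    """Return hosts with an unexpected hypervisor start, and hosts that are part of a
    burst of first-time hypervisor starts on >= threshold endpoints within one window."""
    first_seen = {}
    for ev in sorted(parse_events(text), key=lambda e: e["ts"]):
        if is_hypervisor_start(ev):
            first_seen.setdefault(ev["host"], ev["ts"])
    unexpected = sorted(h for h in first_seen if h not in ALLOWED_HYPERVISOR_HOSTS)
    starts = sorted(first_seen.items(), key=lambda kv: kv[1])
    mass, lo = set(), 0
    for hi in range(len(starts)):  # sliding window over first-start times
        while starts[hi][1] - starts[lo][1] > window:
            lo += 1
        if hi - lo + 1 >= threshold:
            mass.update(h for h, _ in starts[lo:hi + 1])
    return {"unexpected_hosts": unexpected, "mass_deployment": sorted(mass)}
```

On the constructed sample, the single late start on ops-pc-09 is flagged only as an unexpected host, while the four starts within two minutes are flagged as a mass rollout even though one of them is on an allowlisted machine.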