Beware! A recently discovered Python-based ransomware uses novel techniques to complete its attack in under three hours. According to researchers, it is one of the fastest ransomware attacks on record.
What exactly do we know?
- Researchers found that a new ransomware variant written in Python was deployed just ten minutes after the attackers gained access to the targeted organization’s TeamViewer account.
- Using the compromised TeamViewer account, the attackers located a vulnerable VMware ESXi server suitable for the next stage of the attack.
- According to the researchers, the server was likely exposed to exploitation because its shell was active, which allowed the attackers to install the Bitvise software.
- The threat actors then used Bitvise to access the ESXi host and its virtual disk files.
Ransomware based on Python
- The ransomware contains multiple sets of encryption keys and email addresses, along with options for changing the suffix appended to encrypted files.
- Once deployed, the ransomware shuts down all virtual machines and begins encrypting their data, making it difficult for victims to decrypt them.
Virtual machines are becoming a valuable target.
- While the use of Python shows the attackers’ evolving tactics, targeting ESXi servers is nothing new.
- Linux versions of the REvil, HelloKitty, and DarkSide ransomware have previously been observed targeting VMware ESXi systems, in part to evade detection by anti-virus software.
The growing number of ransomware attacks targeting virtual machines is a critical issue that businesses must address. One of the most effective defenses is to harden ESXi and other hypervisors with strong, unique passwords. Enable MFA wherever possible, and enforce it for accounts with privileged access, such as domain administrators.
To read more, please check eScan Blog