-
Virtual Machines VM’s Are Being Used to Hide Ransomware Activity
As society continues to embrace all things cloud and move more toward virtualization, this field becomes a ripe target for malicious actors (bad people). We are now seeing the use of VMs to implement and hide malicious activity including ransomware. The tactic involves hiding the ransomware payload in a virtual machine on infected hosts. The use of a VM is to provide stealth and help avoid detection for as long as possible. Hosting encryption software within a self-started VM means that typical anti-virus software will not detect it! And when the VM is closed down, it removes a significant amount of possible forensic evidence with it! That’s not good. Some…
-
What is a Ragnar Locker Ransomware Attack?
Ragnar Locker is ransomware that affect devices running Microsoft Windows operating systems. The Ragnar Locker method was first observed in December 2019 as part of a series of attacks against compromised networks. Biblio: Ragnar locker malware: what it is, how it works and how to prevent it–Infosec Institute