Virtual Machines (VMs) Are Being Used to Hide Ransomware Activity
As society continues to embrace all things cloud and move more toward virtualization, this field becomes a ripe target for malicious actors (bad people).
We are now seeing the use of VMs to implement and hide malicious activity including ransomware.
The tactic involves hiding the ransomware payload in a virtual machine on infected hosts. The VM provides stealth and helps the payload avoid detection for as long as possible.
Hosting the encryption software inside a VM that the malware starts itself means that typical anti-virus software running on the host will not detect it! And when the VM is shut down, a significant amount of potential forensic evidence disappears with it! That’s not good.
Some best practices recommended by security firms include using detection rules for unauthorized installation of VM software on your network. Know your network, know the machines on your network, and know the software on those machines.
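As an added example (not code from the original post), here is a simple detection rule in the spirit of the advice above: it scans constructed Sysmon-style process-creation events for known hypervisor executables running on hosts that are not approved to run VM software, or launched from outside the normal install directory. The host names, the approved-host list and the JSON event format are assumptions made for the example.

```python
import json
import ntpath

# Constructed sample of Sysmon-style process-creation events (Event ID 1),
# reduced to JSON lines. Host names, users and paths are made up.
SAMPLE_EVENTS = r"""
{"host": "DEV-WS01", "user": "CORP\\dev1", "image": "C:\\Program Files\\Oracle\\VirtualBox\\VBoxHeadless.exe", "cmdline": "VBoxHeadless --startvm build-agent"}
{"host": "FIN-WS07", "user": "CORP\\jsmith", "image": "C:\\Users\\jsmith\\AppData\\Local\\Temp\\vbox\\VBoxHeadless.exe", "cmdline": "VBoxHeadless --startvm micro"}
{"host": "FIN-WS07", "user": "CORP\\jsmith", "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe"}
{"host": "FS-01", "user": "NT AUTHORITY\\SYSTEM", "image": "C:\\Tools\\VBoxManage.exe", "cmdline": "VBoxManage startvm micro --type headless"}
"""

# Executable names of common hypervisor / VM-runtime components (assumed list).
HYPERVISOR_IMAGES = {
    "vboxheadless.exe", "vboxmanage.exe", "virtualbox.exe", "vboxsvc.exe",
    "vmware-vmx.exe", "vmware.exe", "vmrun.exe", "qemu-system-x86_64.exe",
}
# Hosts where VM software is expected (hypothetical inventory entry).
APPROVED_VM_HOSTS = {"DEV-WS01"}
# Where a legitimately installed hypervisor normally lives on Windows.
STANDARD_INSTALL_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")


def parse_events(text):
    """Parse one JSON event per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_unauthorized_vm(events, approved_hosts=APPROVED_VM_HOSTS):
    """Return an alert for every hypervisor process that breaks the inventory rule."""
    alerts = []
    for ev in events:
        image = ev["image"]
        if ntpath.basename(image).lower() not in HYPERVISOR_IMAGES:
            continue  # not a VM runtime, nothing to check
        reasons = []
        if ev["host"] not in approved_hosts:
            reasons.append("hypervisor process on host not approved for VM software")
        if not image.lower().startswith(STANDARD_INSTALL_PREFIXES):
            reasons.append("hypervisor binary outside standard install directory")
        if reasons:
            alerts.append({"host": ev["host"], "user": ev["user"], "image": image,
                           "cmdline": ev["cmdline"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_unauthorized_vm(parse_events(SAMPLE_EVENTS)):
        print(alert["host"], alert["user"], alert["image"], "|", "; ".join(alert["reasons"]))
```

The approved build host is left alone, while the headless VM started from a user's Temp folder and the copy running from a non-standard tools directory both produce alerts; in practice the approved list comes from your asset inventory, which is exactly the "know your network" point above.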