Maze Ransomware Now Encrypts Victims' Data Via Virtual Machines

Written by Secure
3 years ago


The Maze ransomware operators have implemented a new detection-avoidance technique and now encrypt targets' files in a virtual machine with their malware. This type of attack was first implemented by Ragnar Locker in May, when Ragnar Locker used Windows XP virtual machines to encrypt victim files while bypassing Windows security protocols.


Ragnar could have assisted Maze with this method of attack. Because Maze used Windows 7, the total attack size was significantly higher, at 2,6 GB.

A $15M attack: Under pressure, Maze ransomware attackers resort to virtual machine trick from Ragnar Locker (upgraded to Windows 7 w/ easy payload swapping script). They were blocked again b/c of CryptoGuard (oet Twente) https://t.co/aZayfvxNij by @AltShiftPrtScn @threatresearch pic.twitter.com/oY6syPCUZM

— Mark Loman @🏡 (@markloman) September 17, 2020


The malware uses a VMware functionality to share directories and devices with a virtual machine as a network share. The virtual system mounts the shared path as a network drive from \\VBOXSVR to reach the data.


This technique kills the antivirus software on the victim's computer (the host), making the executable files and the virtual machine's activities undetectable.


Sophos' Peter Mackenzie confirmed the attack at their London incident response centre, and Hackers Review confirmed it on May 28. Sophos' Intercept X function blocked the ransom attempt. The threat attackers are expected to deal with Chrome browser software updates and security fixes for Microsoft Windows Update to initiate the strike. They are also supposed to have used a batch file which has been mounted with a Windows 7 virtual machine for the VirtualBox VM database server.
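
A defender-side check for the shared-folder mechanism described above, as an added example that is not code from the original article or from Sophos: it parses a VirtualBox machine definition (.vbox XML) and reports shares that give a guest write access to a whole host drive, which the guest would reach under \\VBOXSVR. The sample XML, VM name and share names are constructed, and the element and attribute names assume the usual VirtualBox settings layout.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a VirtualBox machine definition (.vbox);
# the VM name, share names and paths are made up for this example.
SAMPLE_VBOX = r"""<?xml version="1.0"?>
<VirtualBox xmlns="http://www.virtualbox.org/" version="1.16-windows">
  <Machine name="example-vm" OSType="Windows7">
    <Hardware>
      <SharedFolders>
        <SharedFolder name="C_DRIVE" hostPath="C:\" writable="true" autoMount="true"/>
        <SharedFolder name="E_DRIVE" hostPath="E:\" writable="true"/>
        <SharedFolder name="docs" hostPath="C:\Users\alice\iso" writable="false"/>
      </SharedFolders>
    </Hardware>
  </Machine>
</VirtualBox>"""

# Matches a bare drive or filesystem root: C:, C:\, C:/ or /
DRIVE_ROOT = re.compile(r"^(?:[A-Za-z]:[\\/]?|/)$")

def local(tag):
    """Strip the XML namespace so the check does not depend on its exact URI."""
    return tag.rsplit("}", 1)[-1]

def risky_shares(vbox_xml):
    """Return (vm, share, host path, guest UNC) for writable whole-drive shares."""
    findings = []
    root = ET.fromstring(vbox_xml)
    for machine in (e for e in root.iter() if local(e.tag) == "Machine"):
        for sf in (e for e in machine.iter() if local(e.tag) == "SharedFolder"):
            host_path = sf.get("hostPath", "").strip()
            writable = sf.get("writable", "false").lower() == "true"
            if writable and DRIVE_ROOT.match(host_path):
                # Path under which the guest mounts this share as a network drive
                unc = "\\\\VBOXSVR\\" + sf.get("name", "")
                findings.append((machine.get("name"), sf.get("name"), host_path, unc))
    return findings

if __name__ == "__main__":
    for vm, share, path, unc in risky_shares(SAMPLE_VBOX):
        print(f"{vm}: host {path} is writable from the guest as {unc}")
```

A finding on an endpoint where no virtualization software is expected is worth investigating, because encryption performed through such a share happens inside the guest, out of view of security software on the host.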


Comments

Nice article, wonderful technique

3 years ago

Good article. It is amazing the things people can do.

3 years ago

Nice article

3 years ago

Am very sure this is not what this post is about. You can check this post from read.

3 years ago

Nice post

3 years ago

Good post

3 years ago

Thanks🙏💕 @mosktakim5 for reading

3 years ago

Nice article very informative

3 years ago

Thanks 🙏💕

3 years ago

Can you tell me why my points and $ are not increasing?

3 years ago

Am very sure this is not what this post is about. You can check this post from read.cash, it will explain it: https://read.cash/@Secure/maze-ransomware-now-encrypts-victims-data-via-virtual-machines-0f5186be#

3 years ago