Python-based ransomware was used for carrying out successful cyberattacks in record time-less than 3 hours. Sophos cited the attack as one of the fastest ransomware attacks launched against victims.
The python based ransomware was planted in the system 10 minutes after the attacks hacked the TeamViewer account of the targeted organization.
Once the hackers get into the TeamViewer account, the hackers could target a vulnerable VMware ESXi server for moving forward with the attack.
The server is vulnerable because of an active shell; the shell allows the Bitvise software to be installed.
The attackers use Bitvise to tap into ESXi and other virtual disk files.
- The ransomware includes different sets of encryption keys, email addresses, and options for customizing the suffix to append the encrypted files.
- Once installed, the ransomware disables all VMs and begins encryption, making it difficult for victims to decrypt the files.
As the author of the article puts it, “The growing number of ransomware attacks leveraging virtual machines is a pressing issue that organizations must take care of. Hardening the security of ESXi and other hypervisors with complex passwords is one of the best security practices to prevent attacks. Wherever possible, enable the use of MFA, and enforce the same for accounts with privileged permissions such as domain administrators.”