Ransomware Gang Encrypts Servers with Python Script

Share post:

In a recent discovery by Sophos security researchers, operators of an unidentified ransomware gang are currently using a Python script to encrypt virtual machines on vulnerable VMware ESXi servers.

According to SophosLabs Principal Researcher Andrew Brandt, “In what was one of the quickest attacks Sophos has investigated, from the time of the initial compromise until the deployment of the ransomware script, the attackers only spent just over three hours on the target’s network before encrypting the virtual disks in a VMware ESXi server.”

To achieve their goal, the attackers infiltrated the victim’s network by logging into a TeamViewer account that had a domain admin logged in to it. Afterwards, they used the Advanced IP Scanner to search for additional targets and simultaneously login to an ESXi server via the built-in SSH ESXi shell service.

They then executed a 6kb Python script (which allows attackers to use multiple encryption keys and email addresses and customize the file suffix for the encrypted files) to encrypt the virtual disk and VM settings files of all virtual machines.

For more information, read the original story in Bleeping Computer.

SUBSCRIBE NOW

Related articles

Sleeper Supply Chain Attack Activates After 6 Years

A coordinated supply chain attack has compromised between 500 and 1,000 e-commerce websites by exploiting vulnerabilities in 21...

Russian-Controlled Open Source Tool Raises Alarms Over U.S. Cybersecurity

A widely used open-source Go library, easyjson, used in healthcare, finance and even defence has come under scrutiny...

Signal Archiving Tool Used By Trump Admin Is Breached, Raising Alarms Over Messaging Security (EDITORIAL)

(EDITORIAL) A messaging tool used by Trump administration officials to archive encrypted Signal messages has been hacked —...

Anthropic Warns: AI “Virtual Employees” Could Pose Security Risks Within a Year

Anthropic, a leading artificial intelligence company, anticipates that AI-powered virtual employees could begin operating within corporate networks as...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways