Ransomware Gang Encrypts Servers with Python Script

Share post:

In a recent discovery by Sophos security researchers, operators of an unidentified ransomware gang are currently using a Python script to encrypt virtual machines on vulnerable VMware ESXi servers.

According to SophosLabs Principal Researcher Andrew Brandt, “In what was one of the quickest attacks Sophos has investigated, from the time of the initial compromise until the deployment of the ransomware script, the attackers only spent just over three hours on the target’s network before encrypting the virtual disks in a VMware ESXi server.”

To achieve their goal, the attackers infiltrated the victim’s network by logging into a TeamViewer account that had a domain admin logged in to it. Afterwards, they used the Advanced IP Scanner to search for additional targets and simultaneously login to an ESXi server via the built-in SSH ESXi shell service.

They then executed a 6kb Python script (which allows attackers to use multiple encryption keys and email addresses and customize the file suffix for the encrypted files) to encrypt the virtual disk and VM settings files of all virtual machines.

For more information, read the original story in Bleeping Computer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, March 29, 2024 – PyPI repository shuts to stop malicious uploads, a plea to developers to stop creating apps with SQL...

This episode reports on a US$10 million reward for a ransomware gang, a new Linux version of a backdoor

Cyber Security Today, March 27, 2024 – A botnet exploits old routers, a new malware loader discovered, and more warnings about downloading code from...

This episode reports on a new network of 40,000 infected small and home office routers and other devices that are part of a criminal botnet

Cyber Security Today, March 25, 2024 – A suspected China threat actor going after unpatched F5 and ScreenConnet installations

This episode reports on a new campaign stealing email passwords ,the latest data breaches

A hacker’s view of the civic infrastructure: Hashtag Trending, the Weekend Edition for March 23rd, 2024

What does the civic infrastructure look like through the eyes of a hacker? The legendary general Sun Tzu in the Art of War said that in order to defeat your enemy, you must first understand your enemy. How do you do this? He said, “to know your enemy, you must become your enemy.” If we

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways