{"id":124217,"date":"2021-06-24T16:22:39","date_gmt":"2021-06-24T23:22:39","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2021\/06\/ransomware-now-gangs-are-using-virtual-machines-to-disguise-their-attacks"},"modified":"2021-06-24T16:22:39","modified_gmt":"2021-06-24T23:22:39","slug":"ransomware-now-gangs-are-using-virtual-machines-to-disguise-their-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2021\/06\/ransomware-now-gangs-are-using-virtual-machines-to-disguise-their-attacks","title":{"rendered":"Ransomware: Now gangs are using virtual machines to disguise their attacks"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/ransomware-now-gangs-are-using-virtual-machines-to-disguise-their-attacks2.jpg\"><\/a><\/p>\n<p>Cyber criminals are increasingly using virtual machines to compromise networks with ransomware.<\/p>\n<p>By using virtual machines as part of the process, ransomware attackers are able to conduct their activity with additional subtlety, because running the payload within a virtual environment reduces the chances of the activity being discovered \u2013 until it\u2019s too late and the ransomware has encrypted files on the host machine.<\/p>\n<p>During a recent investigation into an attempted <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web\/\">ransomware<\/a> attack, <a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/ransomware-virtual-machines\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">cybersecurity researchers at Symantec<\/a> found the ransomware operations had been using VirtualBox \u2013 a legitimate form of open-source virtual machine software \u2013 to run instances of Windows 7 to aid the installation of ransomware.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyber criminals are increasingly using virtual machines to compromise networks with ransomware. By using virtual machines as part of the process, ransomware attackers are able to conduct their activity with additional subtlety, because running the payload within a virtual environment reduces the chances of the activity being discovered \u2013 until it\u2019s too late and the [\u2026]<\/p>\n","protected":false},"author":396,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1625,1879],"tags":[],"class_list":["post-124217","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-encryption","category-virtual-reality"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/124217","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/396"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=124217"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/124217\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=124217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=124217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=124217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}