Ransomware Alert: Ragnar Locker attack deploys virtual machine to avoid security

UK-based cybersecurity firm Sophos reveals Ragnar Locker ransomware attack that deploys a virtual machine to bypass security.

Cybersecurity firm Sophos revealed details of the Ragnar Locker attack, which targets companies and demands huge sums in ransom. The attack uses a virtual machine to infect the target computers, which allows it to bypass local antivirus software.

Ragnar Locker ransomware

The ransomware tends to target enterprises rather than individuals and demands large amounts of money to decrypt their files. Sophos’ report gave the example of Energias de Portugal, from which the attackers stole ten terabytes of data and demanded 1,850 BTC (14.5 million USD at current trading price). The company was threatened that if the ransom was not paid, the attackers would release the data to the public.

The attacker hides a small ransomware executable file within a virtual image and disguises it as an installer. As per Sophos’ report, “the attack payload was a 122 MB installer with a 282 MB virtual image” all to hide a 49 kB ransomware executable file.

The attackers target Windows Remote Desktop Protocol (RDP) connections to establish a foothold on the targeted networks. Once the attackers have gained administrator-level access, they move across the network to clients and servers using native Windows tools such as PowerShell and Windows Group Policy Objects (GPOs).

Ransomware attacks that demand cryptocurrency to decrypt files have been increasing in recent years. Just recently, Cryptopolitan reported that popstar Madonna was targeted in a crypto ransom scheme by REvil. The attackers would auction sensitive information about Madonna on May 25 with a starting bid of one million US dollars.

Ahmad Asghar

A first-generation gamer at heart and tech buff by nature, he has been involved in the tech sector for the better part of a decade. With that insight and knowledge, he now covers blockchain, cryptocurrency and everything fintech so others can make sense of the industry.
