Unknown ransomware uses a Python script to encrypt virtual machines on VMware ESXi servers, Sophos researchers warn.Although regular Python is almost never used in the development of ransomware, it is a perfectly logical choice for ESXi, since such Linux-based servers usually come with Python installed by default.
It is noted that this was one of the fastest attacks investigated by Sophos: it took about three hours from the moment of the hack to the deployment of the ransomware script.
The attackers compromised the victim’s network on a weekend night by logging into the TeamViewer account running on the device with domain administrator rights. Once they got online, the hackers started looking for additional targets with Advanced IP Scanner and logged into the ESXi server through the built-in ESXi Shell SSH service, which was accidentally left enabled (disabled by default). Then the ransomware operators executed a 6Kb script written in Python to encrypt the virtual disks and configuration files of all virtual machines.
Ransomware note from cybercriminals
Bleeping Computer notes that this is not the first time an attack on ESXi servers has occurred.
Let me remind you that we also said that Spammers flooded the PyPI repository with links to pirated movies.
User Review( votes)