VMware ESXi Servers Encrypted by Lightning-Fast Python Script
Researchers at Sophos have warned of a new Python ransomware gang that is targeting VMware ESXi servers and virtual machines at lightning speed. According to the security researchers, the Python code strikes incredibly fast, taking less than three hours to complete a ransomware attack from initial breach to encryption. On Tuesday, Sophos stated that the attacks were some of the fastest the company had ever seen, and that they appear to target the ESXi platform with precision.
The Sophos team stated that it is rare to see Python used for ransomware. However, the choice makes sense: Python comes pre-installed on Linux systems such as ESXi, so Python-based attacks are possible on these systems. ESXi servers are bare-metal hypervisors that install easily onto servers and partition them into multiple VMs, making them an attractive target for attackers. Threat actors capitalize on the fact that an ESXi installation allows multiple VMs to share the same hard-drive storage, which lets them encrypt the centralized virtual hard drives used to store data across VMs. When the centralized virtual hard drive is encrypted, multiple VMs are taken down at once.