Threat Actors Use Python Ransomware to Encrypt VMware ESXi Server

According to Sophos, a Python-based ransomware variant was used in a recent attack to target a company's VMware ESXi server and encrypt all of its virtual disks. The attack used a custom Python script that, when run on the target organization's virtual machine hypervisor, took all virtual machines offline.

According to security researchers at Sophos, the attackers were quick to deploy the ransomware: the encryption process began about three hours after the initial intrusion.

The attackers gained initial access using a TeamViewer account that did not have multi-factor authentication enabled and was running in the background on a computer owned by a user with Domain Administrator credentials.

To Read More: SecurityWeek