VMware ESXi Servers Encrypted by Lightning-Fast Python Script

The little snippet of Python code strikes fast and nasty, taking less than three hours to complete a ransomware attack from initial breach to encryption.

Researchers have discovered a new Python ransomware from an unnamed gang that’s striking ESXi servers and virtual machines (VMs) with what they called “sniper-like” speed.

Sophos said on Tuesday that the ransomware is being used to compromise and encrypt VMs hosted on an ESXi hypervisor in operations that, soup-to-nuts, are taking less than three hours to complete from initial breach to encryption.

“This is one of the fastest ransomware attacks Sophos has ever investigated, and it appeared to precision-target the ESXi platform,” Andrew Brandt, principal researcher at Sophos, was quoted as saying in a press release that accompanied his in-depth report.

Brandt noted that it’s rare to see the Python coding language used for ransomware. But its use makes sense, he explained, given that Python comes pre-installed on Linux-based systems such as ESXi, which makes Python-based attacks possible on these systems.

Targeting ESXi Is a No-Brainer

While the choice of Python for the ransomware is fairly distinctive, going after ESXi servers is anything but. Attackers love VMware’s ESXi (formerly known

Read More: https://threatpost.com/vmware-esxi-encrypted-python-script-ransomware/175374/