Hypervisors are increasingly becoming victims of ransomware attacks.
Researchers at security company Huntress are raising the alarm about a sharp increase in ransomware attacks on hypervisors, The Register reports. In the first half of the year, only three percent of ransomware incidents occurred via the hypervisor, but this rose to 25 percent in the fall.
Hypervisors as a blind spot
According to Huntress, attackers are targeting hypervisors that are not well secured. A successful attack gives attackers the ability to manipulate or encrypt entire VM environments. In some cases, they use built-in tools such as OpenSSL to encrypt virtual disks, without having to install their own malware.
Huntress reports that attackers often first gain network access and then use stolen login credentials to take over hypervisors. Hyper-V tools are then misused to adjust VM settings, disable security features, and manipulate virtual switches to deploy ransomware on a large scale.
MFA & patching
The researchers advise companies to use strong passwords and multi-factor authentication, and to patch on time. They also advocate better host security and processing and analyzing logs.
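As an illustration of the log analysis recommended above, the following added example (not from Huntress or The Register) flags `openssl enc` runs whose input file is a virtual disk, the built-in-tool behaviour described earlier. The record layout (`timestamp host user command`), the host names and the POSIX-style paths are constructed assumptions; adapt the parsing to whatever command auditing the hypervisor host actually produces.

```python
import shlex
from pathlib import PurePosixPath

# Common virtual disk extensions (VMware and Hyper-V formats).
DISK_EXTS = {".vmdk", ".vhd", ".vhdx", ".avhdx"}

# Constructed sample records: "<timestamp> <host> <user> <command line>".
SAMPLE_LOG = """\
2025-01-10T02:11:04Z hv01 root openssl x509 -in /etc/ssl/host.pem -noout -dates
2025-01-10T02:14:37Z hv01 root /usr/bin/openssl enc -aes-256-cbc -in /vmstore/db01/db01.vhdx -out /vmstore/db01/db01.vhdx.enc
2025-01-10T02:14:52Z hv01 root openssl enc -aes-256-cbc -in "/vmstore/file srv/fs.vmdk" -out /tmp/fs.out
2025-01-10T02:15:10Z hv01 admin ls -l /vmstore/db01/db01.vhdx
2025-01-10T02:15:11Z hv01 admin echo "unterminated
"""


def find_disk_encryption(log_text):
    """Return (timestamp, host, user, disk_path) for each `openssl enc`
    invocation whose -in argument is a virtual disk file."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue  # empty or malformed record
        ts, host, user, cmdline = parts
        try:
            argv = shlex.split(cmdline)  # honours quoted paths with spaces
        except ValueError:
            continue  # unbalanced quotes: cannot tokenise reliably
        # Match on the executable's basename so absolute paths are covered.
        if not argv or PurePosixPath(argv[0]).name != "openssl":
            continue
        if argv[1:2] != ["enc"]:
            continue  # other subcommands (x509, s_client, ...) are ignored
        for flag, value in zip(argv, argv[1:]):
            if flag == "-in" and PurePosixPath(value).suffix.lower() in DISK_EXTS:
                hits.append((ts, host, user, value))
    return hits


if __name__ == "__main__":
    for ts, host, user, disk in find_disk_encryption(SAMPLE_LOG):
        print(f"ALERT {ts} {host} user={user} openssl enc on virtual disk: {disk}")
```

Matching only the executable name misses renamed or copied binaries, so treat a check like this as one signal alongside the authentication and configuration-change logs of the hypervisor.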
