Maze ransomware now encrypts via virtual machines to evade detection

The Maze ransomware operators have adopted a tactic previously used by the Ragnar Locker gang; to encrypt a computer from within a virtual machine.

In May, we previously reported that Ragnar Locker was seen encrypting files through VirtualBox Windows XP virtual machines to bypass security software on the host.

The virtual machine would mount a host’s drives as remote shares and then run the ransomware in the virtual machine to encrypt the share’s files.

Read more…
Source: Bleeping Computer