VideoBytes: Maze ransomware uses VM to encrypt files

Researchers from Sophos recently identified a new feature of Maze ransomware after investigating an attack of one of their customers. The new feature involves Maze first failing to infect the system through its traditional methods, then going the extra step of downloading and launching a virtual machine on the victim system. Once the virtual machine is established, the malware connects it to the local hard drives as a share, then launches the ransomware from inside of the virtual machine, which will encrypt the files in the shared folders.

Links: