Frustrated by having their attacks repeatedly thwarted, the Maze ransomware criminals resorted to using a virtual machine to get around endpoint protection, security vendor Sophos said.

Sophos investigated a Maze attack that took place in July this year, in which the ransomware criminals had penetrated a victim’s network 6 times before trying to execute the file encryption payload.

The Maze gang mapped out the target network by way of a domain controller, succeeded in exfiltrating data to cloud storage provider Mega.nz, and demanded a US$15 million (A$20.5 million) ransom.

However, the ransom was not paid, and two attempts by Maze to execute the ransomware were quarantined and failed, Sophos researchers said.

Borrowing a technique from the earlier Ragnar Locker criminals, Maze placed its ransomware payload inside an Oracle VirtualBox virtual machine to hide it from detection.

The .msi installer file Maze used weighs in at 733 megabytes because it uses Windows 7, as opposed to just 122 MB for Ragnar Locker’s Windows XP-based malware delivery set-up.

Expanded, the virtual machine Maze used was 1.9 gigabytes in size and contained a 494 KB ransomware executable.

Despite the elaborate subterfuge used by Maze, the virtual machine-based ransomware attack was detected and failed.