Ransomware Deploys Virtual Machine to Evade Detection
The organizations this group targets are more likely than most to already run VirtualBox, so its presence alone is not necessarily a red flag. The attack installs an unsigned Sun xVM VirtualBox MSI dating from 2009, which should trigger endpoint defenses. Unplanned disabling of backup and remote management utilities also merits follow-up. Because this group is also known for exfiltrating data, expect threats of data disclosure to accompany the ransom demand.
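The two follow-up points above (an old, unsigned VirtualBox installer and unplanned stopping of backup or remote management services) can be turned into a simple triage check. The following is an added example, not code from the original article or from any vendor; the log line formats, product names, service names, the "legacy version" cutoff and the correlation window are all constructed or assumed for illustration.

```python
"""
Added example (not part of the original article): scan constructed,
Windows-style log lines for two indicators the note calls out --
installation of an old or unsigned VirtualBox MSI, and stopping of
backup / remote-management services -- and correlate them in time.
Every line format, name and threshold here is a constructed sample or
an assumption, not an indicator taken from a real incident.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines (simplified, not real Windows event formats).
SAMPLE_LOGS = [
    "2020-05-21T02:11:03Z MsiInstaller Product: Sun xVM VirtualBox; Version: 3.0.4; Signed: No; Path: C:\\Users\\Public\\vbox.msi",
    "2020-05-21T02:11:10Z ServiceControl The Veeam Backup Service service entered the stopped state.",
    "2020-05-21T02:11:12Z ServiceControl The ConnectWise Control Agent service entered the stopped state.",
    "2020-05-21T02:12:00Z MsiInstaller Product: Oracle VM VirtualBox; Version: 6.1.8; Signed: Yes; Path: C:\\Users\\admin\\Downloads\\VirtualBox-6.1.8.msi",
    "2020-05-21T02:13:00Z ServiceControl The Print Spooler service entered the stopped state.",
]

MSI_RE = re.compile(
    r"^(?P<ts>\S+) MsiInstaller Product: (?P<product>[^;]+); Version: (?P<version>[^;]+); "
    r"Signed: (?P<signed>Yes|No); Path: (?P<path>.+)$"
)
SVC_RE = re.compile(
    r"^(?P<ts>\S+) ServiceControl The (?P<service>.+?) service entered the stopped state\.$"
)

# Assumed watchlist: substrings of backup / remote-management service names.
WATCHED_SERVICE_KEYWORDS = ("backup", "veeam", "connectwise", "teamviewer", "anydesk", "kaseya")
# Assumption: VirtualBox major versions below 4 are the Sun-era (2009-2010) builds.
LEGACY_VBOX_MAJOR = 4
# Assumption: installer and service stops within this window are treated as one event chain.
CORRELATION_WINDOW = timedelta(minutes=15)


@dataclass
class Finding:
    ts: datetime
    kind: str            # "legacy_vbox_install" or "watched_service_stopped"
    detail: str
    correlated: bool = False


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def scan(lines):
    """Return the list of findings for the given log lines, in input order."""
    findings = []
    for line in lines:
        m = MSI_RE.match(line)
        if m:
            if "virtualbox" not in m["product"].lower():
                continue  # other MSI installs are out of scope here
            major = int(m["version"].split(".")[0])
            reasons = []
            if m["signed"] == "No":
                reasons.append("unsigned")
            if major < LEGACY_VBOX_MAJOR:
                reasons.append(f"legacy version {m['version']}")
            if reasons:  # a current, signed VirtualBox install is not flagged on its own
                findings.append(Finding(parse_ts(m["ts"]), "legacy_vbox_install",
                                        f"{m['product']} ({', '.join(reasons)}) from {m['path']}"))
            continue
        m = SVC_RE.match(line)
        if m and any(k in m["service"].lower() for k in WATCHED_SERVICE_KEYWORDS):
            findings.append(Finding(parse_ts(m["ts"]), "watched_service_stopped", m["service"]))

    # Correlate: a watched service stop close in time to a suspicious installer
    # is the combination worth escalating, so mark both sides.
    installs = [f for f in findings if f.kind == "legacy_vbox_install"]
    stops = [f for f in findings if f.kind == "watched_service_stopped"]
    for i in installs:
        for s in stops:
            if abs(s.ts - i.ts) <= CORRELATION_WINDOW:
                i.correlated = s.correlated = True
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        flag = "ESCALATE" if f.correlated else "review"
        print(f"{f.ts.isoformat()} [{flag}] {f.kind}: {f.detail}")
```

Run stand-alone it prints three findings from the constructed sample, all marked for escalation because the service stops fall within minutes of the legacy installer; the signed, current VirtualBox install and the unrelated Print Spooler stop are ignored, which reflects the note's point that VirtualBox itself is not the indicator.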
Read more in Bleeping Computer: Ransomware encrypts from virtual machines to evade antivirus