Ransomware-wielding attackers gained initial access to a victim’s installation of an enterprise-class hypervisor. The attack is notable for its speed, but also for a list of defensive mistakes made by the victim. The victim failed to use multifactor authentication to lock down remote-access tools, especially for users with admin-level access to core systems. Multiple groups have been seen targeting ESXi, including REvil, HelloKitty and BlackMatter. Attackers used a Python script to encrypt a key to encrypt multiple systems at once, Sophos says.
Source: https://www.cuinfosecurity.com/how-ransomware-attackers-hit-virtual-machine-hypervisors-a-17675

