Sophos researchers say the operators of the Maze ransomware have added a fresh trick to their bag of badness: Distributing the malware in the form of a VirtualBox virtual disk image. The VDI file itself was delivered inside of a Windows MSI file, which is a format used for installation, storage and removal of programs. In order to set up the VM on the target, the attackers also bundled a stripped down, 11-year-old copy of the VirtualBox hypervisor inside the.MSI file, researchers said.
Source: https://threatpost.com/maze-ransomware-ragnar-locker-virtual-machine/159350/