Ransomware called RegretLocker uses a variety of advanced features that allow it to encrypt virtual hard drives and close open files for encryption. It uses the Windows Virtual Storage API functions OpenVirtualDisk, AttachVirtualDisk, and GetVirtualDiskPhysicalPath to mount virtual disks. The code used to mount a VHD file is believed to have been taken from recently published research by security researcher smelly__vx. The ransomware is not very active at this point, but it is a new family that we need to keep an eye on.
Source: https://www.bleepingcomputer.com/news/security/new-regretlocker-ransomware-targets-windows-virtual-machines/

