New Ransomware Attack Vector – Virtual Machines

No one likes malware, but a particularly malicious type is called Ransomware, and it specifically preys on people’s data.

Ransomware essentially encrypts the entire user’s computer or specific files until a sum of money is paid to the attacker. While there is no guarantee the attacker will make the files or computer available again, it seems to be in their best interest to return access to the computer, otherwise no one else would pay once word got around.

A particularly nasty type of new ransomware has just been discovered, and it utilizes a surprising attack vector: virtual machines.

In a new report by Sophos, the operators of the Ragnar Locker are using another novel method to avoid being detected when encrypting files.

They are now deploying VirtualBox Windows XP virtual machines to execute the ransomware and encrypt files so that they are not detected by security software running on the host.

This attack is started by first creating a tool folder that includes VirtualBox, a mini Windows XP virtual disk called micro.vdi, and various executables and scripts to prep the system.

As the security software running on the victim’s host will not detect the ransomware executable or activity on the virtual machine, it will happily keep running without detecting that the victim’s files are now being encrypted.

Interestingly, Windows 10’s “Controlled Folder Access” may prevent this attack, as it prevents any unauthorized changes by applications without a password.

This is especially problematic for government organizations, business, and hospitals. In fact, one of their more recent attacks was on an energy company EDP (, where the attackers stole more than 10 TB of files and received a ransom of over 10 million dollars.

This attack illustrates how security software with behavioral monitoring is becoming more important to stem the tide of ransomware infections.

It’s more important than ever to implement safe browsing habits, and common sense when executing unknown files, as once the attacker is in your system, it’s game over.

My Patreon | My Website

Razer Blade 15 Update – Charger Broke, Definitely Buy an Extended Warranty

I’ve done a few updates on this matter and the most recent update is that it has finally started to reach its end of life. Last post I detailed that the camera and microphone no longer worked reliably if at all. More recently (today), I noticed that it wasn’t charging unless I moved the charging chord into a certain position. I take great care of my machines and I barely ever travel with this device, most of the time it sits on my desk at home, so there is minimal wear on the charging cable. It seems unacceptable that after a meager two years the cable ceases to work, but again, Razer hasn’t been great with quality control and their products. Jiggling the chord gets it to charge to full after some amount of fiddling but it’s unreliable. Additionally, previously one of the charging pins inside the charging port broke off. No idea how that happened but again, I barely ever move or travel with this laptop, so it seems unreasonably fragile.

Still, I’ve pointed out before that if you want the quality of looks and performance that Razer delivers, it’s a hard sell anywhere else. Not sure what my next laptop will be now that I’m in the market for a new one now, but I hope it will last me longer next time. Razer may still be my best bet going forward, but I’ll definitely be picking up some sort of extended warranty for any future Razer purchases, and buying directly from Amazon or another U.S. retailer.

My Patreon | My Website

Is the U.S. already in a recession?

The longest economic expansion the U.S. has ever seen may finally be over, thanks to the Coronavirus (COVID-19).

Even with U.S. hiring surging with a 273,000 gain right ahead of the virus, and the unemployment rate residing at 3.5%, the markets have seen steep declines these past weeks.

And, the data that was just released is based on job data from the 12th of February, before the virus started having a major impact on world events.

New research from M.I.T. suggests that the U.S. was vulnerable to a recession even before having the virus. In January, the chance of a recession in the next few months was about 70%.

If stocks give up all their gains that they’ve been enjoying for the past 12 months, the chance of a recession will grow to 80%, says Will Kinlaw, head of a research unit State Street Corp.

And, there were a few other signs a recession was close before the virus even hit. Industrial production was down 0.8% from last year, and the treasury yield curve was close to inversion in January. Inversion of the yield curve, where long-term interest rates are lower than short term ones, is a massive indicator of a recession.

Whether the recent pain in the markets is because of the virus, or the sign of something much bigger to come remains to be seen, but it’s likely the economic impact of COVID-19 will be felt for months to come.

My Patreon | My Website

Networking in C#, a simple library

Recently I wanted to make a simple multiplayer game in Unity, but I didn’t want to use their terribly made UNET, as even though it’s barely a few years old, it’s already deprecated. I also didn’t want to go with a third party like Photon Networking, because I don’t want to pay for CCU (Concurrent User) usage, server costs, and other misc fees.

No, what I wanted was a solution such as Minecraft implements, where you directly connect to a server and it’s served through peer-to-peer networking, with one player being a server. The solution? A small library called LiteNetLib. This library allows you to build multiplayer games in .NET (C#), including Unity, with no limitations on usage, including player count. It was exactly what I needed.

The documentation is slightly sparse but it wasn’t rocket science to get a small example up and running, and the developer seems pretty open to questions. There’s also a small sample included so you can see what it entails.


My Patreon | My Website