Reply to post: Re: Once they've gained administrative access

Forget BYOD, this is BYOVM: Ransomware tries to evade antivirus by hiding in a virtual machine on infected systems

stiine Silver badge

Re: Once they've gained administrative access

No. Not at all. Once they have admin rights, they still have to evade your IDS/IPS/AV and any monitoring systems. That's what they use the VM for. What they can't hide is the memory used by their VM.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020