Operators of an unknown ransomware gang are using a Python script to encrypt virtual machines hosted on VMware ESXi servers.

It's a little snippet of Python code – 6KB – that strikes fast and nasty, taking less than three hours to complete from initial breach to encryption.

A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system.

Attackers used a script written in Python during a recent ransomware attack which took just three hours, encrypting all the virtual disks on the target's virtual machine hypervisor. Andrew ...

The report, “Python Ransomware Script Targets ESXi Server for Encryption,” details a sniper-like operation that took less than three hours to progress from breach to encryption.