Increased Targeting of Hypervisors by Ransomware Groups
Summary
In 2025, there has been a significant surge in ransomware attacks targeting hypervisors, particularly by the Akira ransomware group. Huntress Labs reported that hypervisor-related ransomware incidents increased from 3% in the first half of the year to 25% in the second half. This trend highlights the growing risk of hypervisors as a critical attack surface in virtualized environments. Attackers exploit the limited visibility and protections of hypervisors to deploy ransomware at scale, bypassing traditional endpoint security controls. The article outlines the threats observed and provides practical guidance for securing hypervisor infrastructure, including patching, access control, runtime hardening, and robust recovery strategies.
Timeline
- 16.12.2025 17:01 (1 article)
Surge in Hypervisor-Related Ransomware Incidents in 2025
In 2025, Huntress Labs reported a significant increase in ransomware attacks targeting hypervisors, with incidents rising from 3% in the first half of the year to 25% in the second half. The Akira ransomware group is primarily responsible for this trend, exploiting the limited visibility and protections of hypervisors to deploy ransomware at scale. The article outlines the threats observed and provides practical guidance for securing hypervisor infrastructure.
- The Hidden Risk in Virtualization: Why Hypervisors are a Ransomware Magnet — www.bleepingcomputer.com — 16.12.2025 17:01
Information Snippets
- Huntress Labs observed a surge in hypervisor-related ransomware incidents, increasing from 3% in the first half of 2025 to 25% in the second half.
  First reported: 16.12.2025 17:01 (1 source, 1 article)
- The Akira ransomware group is primarily driving this trend by targeting hypervisors to deploy ransomware at scale.
  First reported: 16.12.2025 17:01 (1 source, 1 article)
- Attackers leverage built-in tools like openssl to perform encryption of virtual machine volumes, avoiding the need for custom ransomware binaries.
  First reported: 16.12.2025 17:01 (1 source, 1 article)
- Compromised internal authentication credentials are often used to pivot towards hypervisors, granting elevated control over multiple guest systems.
  First reported: 16.12.2025 17:01 (1 source, 1 article)
- Attackers misuse Hyper-V management utilities to modify VM settings, disable endpoint defenses, and prepare VMs for ransomware deployment.
  First reported: 16.12.2025 17:01 (1 source, 1 article)
- CVE-2024-37085 allows attackers with adequate AD permissions to bypass authentication and seize full administrative control of an ESXi host.
  First reported: 16.12.2025 17:01 (1 source, 1 article)