The operators of the RagnarLocker ransomware are running Oracle VirtualBox to hide their presence on infected computers inside a Windows XP virtual machine.
Sophos acted quickly to put out a patch that stopped the hackers' attempts to deploy ransomware on enterprise networks protected by Sophos firewall devices.