Bulletproof hosting providers renting cheap infrastructure to supply virtual machines to ransomware hackers

• Sophos reports bulletproof hosting providers renting VMmanager-based servers to cybercriminals
• Identical Windows templates leave thousands of exposed servers exploited for ransomware and malware campaigns
• Infrastructure linked to major groups (LockBit, Conti, BlackCat, Qilin, TrickBot, etc.) and sanctioned Russian hosting firm

Bulletproof hosting providers are renting cheap infrastructure to cybercriminals, providing them with virtual machines they can use in ransomware attacks, new research has found.

A report from Sophos explained how legitimate services were being abused to launch attacks at massive scales without the need to build custom infrastructure.

Whilst investigating several ransomware attacks, the team discovered many attackers were using Windows servers with identical hostnames (a name assigned to a device on a network). Since it was obvious that all those attacks couldn’t have been done by a single attacker, they dug deeper and found that the systems were actually virtual machines created from the same ...