ragnar - X-Industry - Red Sky Alliance2024-03-28T08:54:40Zhttps://redskyalliance.org/xindustry/feed/tag/ragnarRagnar Locker Updatehttps://redskyalliance.org/xindustry/ragnar-locker-update2022-09-22T12:51:37.000Z2022-09-22T12:51:37.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10824332298,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10824332298,RESIZE_400x{{/staticFileLink}}" width="250" alt="10824332298?profile=RESIZE_400x" /></a>Our Friends at Fortinet have provided its latest technical analysis of the Ragnar Locker ransomware.</p>
<p><strong>Affected platforms:</strong> Microsoft Windows<br /> <strong>Impacted parties:</strong> Microsoft Windows Users<br /> <strong>Impact:</strong> Encrypts files on the compromised machine and demands ransom for file decryption<br /> <strong>Severity level:</strong> High</p>
<p>Ragnar Locker is ransomware for Windows and Linux that exfiltrates information from a compromised machine, encrypts files using the Salsa20 encryption algorithm, and demands that victims pay a ransom to recover their data. The Ragnar Locker group is known to employ a double extortion tactic. The ransom payment is not only for recovering affected files but also to prevent releasing that stolen information to the public. This group also claims that victims who meet their financial demands will receive information on how the attacker was able to compromise them, along with recommendations for security improvement as a bonus.</p>
<p>In addition to encrypting data, the ransomware deletes volume shadow copies, inhibiting the victim’s ability to recover affected files. It also checks for services such as: vss, sql, veeam, logmein, etc., and terminates them if found. While infection vectors of Ragnar Locker ransomware vary from victim to victim, compromising the victim’s network through RDP services exposed to the internet using brute forcing techniques and leaked credentials is believed to be one of the initial attack vectors. <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2017-0213">CVE-2017-0213</a> (Windows COM Elevation of Privilege Vulnerability) is then reportedly leveraged for privilege escalation and lateral movement. While the exact number of Ragnar Locker victims has not been identified, at least 16 companies have been listed on its leak site so far this year. Victims’ locales include North America, Europe, and Asia.</p>
<p>Ragnar Locker’s preferred payment method is Bitcoin. They ask a victim to first transfer one Bitcoin to the attacker’s wallet, which is revealed during negotiation, to confirm the transaction worked. The group also asks its victims not to hire professional negotiators, threatening to leak any stolen information if they become aware of the presence of law enforcement.<a href="#_ftn1">[1]</a> </p>
<p>Link to full report: <a href="{{#staticFileLink}}10824332674,original{{/staticFileLink}}">IR-22-263-001_RagnarLocker.pdf</a></p>
<p> </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.fortinet.com/blog/threat-research/ransomware-roundup-ragnar-locker-ransomware?lctg=141970831">https://www.fortinet.com/blog/threat-research/ransomware-roundup-ragnar-locker-ransomware?lctg=141970831</a></p></div>Don’t “Friend” Ragnar Locker Ransomware Gang on Facebookhttps://redskyalliance.org/xindustry/don-t-friend-ragnar-locker-ransomware-gang-on-facebook2020-11-12T22:14:40.000Z2020-11-12T22:14:40.000ZMac McKeehttps://redskyalliance.org/members/MacMcKee<div><p><a href="{{#staticFileLink}}8155549678,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8155549678,RESIZE_400x{{/staticFileLink}}" width="250" alt="8155549678?profile=RESIZE_400x" /></a>The Ragnar Locker ransomware group has decided to ratchet up the pressure on its latest high-profile victim, Italian liquor conglomerate Campari, by taking out Facebook ads threatening to release the 2TB of sensitive data it downloaded in a November 3, 2020 attack unless a US$15 million ransom is paid in Bitcoin. Attacks that are carried out by the gang behind Ragnar Locker, break into company networks, make themselves admins, conduct reconnaissance, delete backups and deploy ransomware manually, before demanding multi-million dollar ransoms.</p>
<p>Cyber threat actors, who conduct similar “targeted” or “big game” ransomware attacks, the Ragnar Locker gang try to avoid detection as they operate inside a victim’s network with a tactic dubbed “living off the land”. Living off the land entails using legitimate software administration tools that either already exist on the network the crooks have broken into, or that don’t look suspicious or out of place. <a href="https://nakedsecurity.sophos.com/2019/02/14/inside-a-gandcrab-targeted-ransomware-attack-on-a-hospital/">PowerShell</a> framework has been used in this manner for attacks.</p>
<p>PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and the associated scripting language. Initially a Windows component only, known as Windows PowerShell, it was made open-source and cross-platform on 18 August 2016 with the introduction of PowerShell Core. The former is built on the.NET Framework, the latter on.NET Core.</p>
<p><a href="https://threatpost.com/campari-site-ransomware-hangover/161029/">Campari Group</a>, which owns a number of popular global brands including SKYY, Grand Marnier and Wild Turkey, has acknowledged the ransomware attack. This is a new spin on the <a href="https://threatpost.com/double-extortion-ransomware-attacks-spike/154818/">double-extortion ransomware tactic</a>, where criminals not only lock organizations out of their systems, but also threaten to release sensitive stolen data to the public if their demands are not met. The Facebook ads an entirely new layer of extortion pressure, letting the public know that Campari data is compromised and that the liquor giant is refusing to pay to keep it secure.</p>
<p>The ads, first spotted by researcher Brian Krebs on Nov. 9, 2020 were to-the-point and entitled, “Security Breach of Campari Group Network.” <a href="https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/">Ragnar Locker bought the ads</a> using a hacked Facebook account, which Krebs said were subsequently shown to more than 7,000 users before Facebook caught on and pulled them down.</p>
<p>“Cybercrime groups have no shame in their extortion attempts,” Chris Clements, vice president of solutions architecture with Cerberus Sentinel said. “They will use any and all options available to them to extract whatever money they can from their victims. The use of compromised Facebook user accounts to buy ad campaigns to further harass their victims is novel, but not at all out-of-character.”</p>
<p>First observed in 2019, the Ragnar Locker group started using the threat of making stolen data public in April 2020, when it launched a Wall of Shame site, security researcher who uses the handle Pancak3.</p>
<p>He added that the executables for both the <a href="https://threatpost.com/campari-site-ransomware-hangover/161029/">Campari ransomware attack</a> and a recent high-profile breach of <a href="https://threatpost.com/gaming-giant-capcom-ragnar-locker-ransomware/160996/">gaming giant Capcom</a> were signed by the same cert, linking both to the Ragnar Locker group. Pancak3 added that he thinks it shows that the Ragnar Locker ransomware operators are getting “more confident in their intrusion methods.” With the development of public advertising to increase pressure for victims to pay, it would appear the group is not even trying to hide their malicious activities any longer. In fact, they are publicizing them. An added concern is that everyday Facebook advertisers are now vulnerable to Ragnar Locker attacks.</p>
<p>“What this does show is that every online user is vulnerable to compromise and false financial charges should their social-media accounts be compromised and used to purchase ad campaigns on the corresponding platforms,” Clements said. “Users should ensure that two-factor authentication is enabled on all of their online accounts and that they do not reuse the same password across different websites or mobile applications.”</p>
<p>Backing up bad actions with public advertising is likely to be copied by other hacker gangs. Ragnar Locker appears to be somewhat of an influential group within the ransomware community. In September 2020, researchers observed the Maze group picking up the <a href="https://threatpost.com/maze-ransomware-ragnar-locker-virtual-machine/159350/">Ragnar Locker trick</a> of distributing ransomware with virtual machines, an approach experts at Sophos Managed Threat Response called “radical.”</p>
<p>The installation, updating and monitoring of firewalls, cyber security and proper employee training are keys to success. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.</p>
<p>Red Sky Alliance has been has analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports. There are extensive reports on many of the threats mentioned in this article that can be found at <a href="https://redskyalliance.org/">https://redskyalliance.org</a>. There is no charge for these reports and articles posted.</p>
<p>What can you do to better protect your organization today?</p>
<ul>
<li>All data in transmission and at rest should be encrypted.</li>
<li>Proper data back-up and off-site storage policies should be adopted and followed.</li>
<li>Implement 2-Factor authentication company wide.</li>
<li>Join and become active in your local Infragard chapter, there is no charge for membership. <a href="http://www.infragard.org/">infragard.org</a></li>
<li>Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Recommend/require cyber security software, services and devices to be used by all at home working employees and consultants.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Ensure that all software updates and patches are installed immediately.</li>
<li>Enroll your company/organization in RedXray for daily cyber threat notifications are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, with having to connect to your network. Ransomware protection is included at no charge for RedXray customers.</li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
</ul>
<p> </p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a>.</p>
<p><strong> </strong></p>
<p><strong>Reporting: </strong><a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></p>
<p><strong>Website: </strong><a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></p>
<p><strong>LinkedIn: </strong><a href="https://www.linkedin.com/company/wapacklabs/">https://www.linkedin.com/company/wapacklabs/</a></p>
<p><strong>Twitter: </strong><a href="https://twitter.com/wapacklabs?lang=en">https://twitter.com/wapacklabs?lang=en</a></p>
<p><strong>Weekly Cyber Intelligence Briefings: </strong></p>
<p><a href="https://attendee.gotowebinar.com/register/8782169210544615949">https://attendee.gotowebinar.com/register/8782169210544615949</a></p>
<p> </p>
<p><a href="{{#staticFileLink}}8155550695,original{{/staticFileLink}}">TR-20-317-001.pdf</a></p>
<p> </p>
<p><a href="https://threatpost.com/ragnar-locker-ransomware-facebook-ads/161133/">https://threatpost.com/ragnar-locker-ransomware-facebook-ads/161133/</a></p>
<p> </p></div>Ragnar Locker Ransomwarehttps://redskyalliance.org/xindustry/ragnar-locker-ransomware2020-10-05T18:23:14.000Z2020-10-05T18:23:14.000ZMac McKeehttps://redskyalliance.org/members/MacMcKee<div><p><a href="{{#staticFileLink}}8008662288,RESIZE_1200x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8008662288,RESIZE_400x{{/staticFileLink}}" width="250" alt="8008662288?profile=RESIZE_400x" /></a>The popularity of ransomware threats does not seem to be decreasing. Instead, more and sophisticated ransomware threats are being deployed. Ragnar Locker is a new data encryption malware in this style. </p>
<p>The actors behind Ragnar Locker partnered with the Maze ransomware gang as a means of extorting victims whose unencrypted data they had stolen. This continued cooperation between ransomware gangs is a dangerous development. The sharing of advice. Tactics and a centralized data leak platform between different ransomware operations will only enable these actors to perform more advanced attacks and demand higher ransom payments.</p>
<p>Ragnar Locker is ransomware that affects devices running Microsoft Windows operating systems. It was initially observed towards the end of December 2019 as part of a series of attacks against compromised networks.</p>
<p>In general, this malware is deployed manually after an initial compromise, network reconnaissance and pre-deployed tasks on the network. This shows that this is a more complex operation than most ransomware propagation campaigns.</p>
<p>Before starting the Ragnar Locker ransomware, attackers inject a module capable of collecting sensitive data from infected machines and upload it to their servers. Next, threat actors behind the malware notify the victim the files will be released to the public if the ransom is not paid.</p>
<p>There is a group of steps executed by Ragnar Locker operators every time an organization or infrastructure is impacted. Digging into the details, attackers first compromise networks, infrastructures, and organizations using found vulnerabilities or through social engineering such as phishing attacks, spearphishing and Business Email Compromise attacks.</p>
<p>During the compromise process, reconnaissance, pre-deployment tasks, and data exfiltration are performed before executing the piece of ransomware. Each malware sample is unique, with the specific ransom note hardcoded inside the malware. The affected group name, the links to the bitcoin wallet, and the links to a dark web blog are embedded inside the binary</p>
<p>When the ransomware starts, it enumerates running processes and stops if some of these services contain specific strings, such as:</p>
<p>Vss, sql, memtas, mepocs, Sophos, veeam, backup, pulseway, logme, logmein, connectwise, splashtop, Kaseya</p>
<p>Ransomware in this line often disables some services as a way to bypass security protections and also database and backup systems to increase the impact of the attack. Also, database and mail services are stopped so that their data can be encrypted during the infection process. One of the particularities that spotlight Ragnar Locker is that it is targeting specifically remote management software often used by managed service providers (MSPs), such as the popular ConnectWise and Kaseya software.</p>
<p>Ragnar Locker adds the hardcoded extension “<strong>.ragnar_*</strong>” appended to the end of the file name and “<strong>*</strong>” is replaced by a generated and unique ID. All the available files inside physical drives are encrypted and, in the end, the notepad.exe process is opened and showing the ransom note file created on the victim’s system directory</p>
<p>Prevention measures:</p>
<p>We are living in an era where ransomware continues to grow, and the number of attacks has increased especially during the COVID-19 pandemic. There is no magic solution to prevent attacks of this nature, however, there is a set of good practices that can be applied in order to minimize the impact of data encryption attack.</p>
<ul>
<li>The use of an antivirus is mandatory. This software should be regularly updated</li>
<li>Patch updates regularly and update all the software including operating systems, network devices, applications, mobile phones and other software if applicable</li>
<li>Maintain a proper backup and restore mechanism and made it mandatory</li>
<li>Regularly test the recovery function of backup and restore procedures and also test the data integrity of backups</li>
<li>Conduct simulated ransomware preparedness tests. This is a rule of thumb to check the response of your ecosystem against these kinds of attacks</li>
<li>If you use Microsoft Office, install Microsoft Office viewers and always keep macros disabled by default</li>
<li>Limit access to mapped drives whenever possible and keep file sharing disabled by default. In general, ransomware looks into shared drives and encrypts files available on the network</li>
<li>Don’t enable remote services. The organizations with RDP, VPN, proxies and servers are to be provided with better IT security standards</li>
</ul>
<p>Security awareness training should be introduced in order to improve cyber education. The download of anything from untrusted sources should be flagged in our mind as a dangerous task.</p>
<p><strong>Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></strong></p>
<ul>
<li><strong>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a> </strong></li>
<li><strong>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></strong></li>
<li><strong>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </strong></li>
</ul>
<p><strong> <a href="{{#staticFileLink}}8004233301,original{{/staticFileLink}}">TR-20-280-001_RagnarLockerRedShort Ragnar.pdf</a></strong></p></div>CMA CGM hit with Ragnarhttps://redskyalliance.org/xindustry/cma-cgm-hit-with-ragnar2020-09-29T22:07:35.000Z2020-09-29T22:07:35.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}7983768092,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}7983768092,RESIZE_400x{{/staticFileLink}}" width="250" alt="7983768092?profile=RESIZE_400x" /></a>French container shipping company CMA CGM was hit by a major cyber-attack on 27 September 2020, which disrupted its daily operations. According to Lloyd’s of London Intelligence sources, several of the company’s Chinese offices were affected by Ragnar Locker ransomware. CMA CGM initially claimed that their booking system was disabled by an internal IT issue, but later confirmed “external access to CMA CGM IT applications are currently unavailable” after the ransomware attack.</p>
<p>CMA CGM is working to reverse the impact of a ransomware attack that shut down many of its online services. The cyber-attack was launched using Ragnar Locker, a data encryption malware that has affected other companies. It is like an incident involving Portuguese energy firm EDP Renewables earlier in 2020. In an email sent on the 27<sup>th</sup> and seen by researchers, the hacker requested the French carrier to contact it within two days “via live chat and pay for the special decryption key.” The exact price was not shared outside the company.</p>
<p>In a customer advisory, CMA CGM said the websites of the company and its two subsidiaries, ANL and CNC, had become unavailable alongside its IT applications “due to an internal IT infrastructure issue.” CMA CGM staff in Europe report they have been told not to use any company IT equipment. </p>
<p><a href="{{#staticFileLink}}7983768889,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}7983768889,RESIZE_400x{{/staticFileLink}}" width="250" alt="7983768889?profile=RESIZE_400x" /></a>Ragnar Locker is a ransomware that affects devices running Microsoft Windows operating systems. It was initially observed towards the end of December 2019 as part of a series of attacks against compromised networks. This malware is deployed manually after an initial compromise, network reconnaissance and pre-deployed tasks on the network. These tactics show this is a more complex operation than most ransomware propagation campaigns. Before starting the Ragnar Locker ransomware, attackers inject a module capable of collecting sensitive data from infected machines and upload it to their servers. Next, threat actors behind the malware notify the victim the files will be released to the public if the ransom is not paid.<a href="#_ftn1">[1]</a></p>
<p>Maze and Ragnar - Sophos reported 2 week ago that a cyber-attack in July 2020 showed bad actors repeatedly attempting to infect computers with Maze ransomware. Analysts discovered that the attackers had adopted a technique pioneered by the threat actors behind Ragnar Locker earlier in 2020, in which the ransomware payload was distributed inside of a virtual machine (VM).<a href="#_ftn2">[2]</a> In the Maze incident, the threat actors distributed the file-encrypting payload of the ransomware on the VM’s virtual hard drive (a VirtualBox virtual disk image (.vdi) file), which was delivered inside of a Windows .msi installer file more than 700MB in size. <a href="{{#staticFileLink}}7983773061,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}7983773061,RESIZE_400x{{/staticFileLink}}" width="250" alt="7983773061?profile=RESIZE_400x" /></a> The attackers also bundled a stripped down, 11 year old copy of the VirtualBox hypervisor inside the .msi file, which runs the VM as a “headless” device, with no user-facing interface. The Maze-delivered virtual machine was running Windows 7, as opposed to the Windows XP VM distributed in the Ragnar Locker incident. A threat hunt through telemetry data initially indicated the attackers may have been present on the attack target’s network for at least three days prior to the attack beginning in earnest, but subsequent analysis revealed that the attackers had penetrated the network at least six days prior to delivering the ransomware payload.</p>
<p>This current cyber investigation also turned up several installer scripts that revealed the attackers’ tactics, and found that the attackers had spent days preparing to launch the ransomware by building lists of IP addresses inside the target’s network, using one of the target’s domain controller servers, and exfiltrating data to cloud storage provider Mega.nz. These threat actors initially demanded a $15 million ransom from the target of the attack. The victim company did not pay the ransom.</p>
<p>Last week Red Sky Alliance analysts identified CMS CGM’s name being used as part of a malicious email using the subject line “RE: CMA CGM CHRISTOPHE COLOMB – Bridge” (TR-20-265-001_Vessel_Impersonation). This email contained a malicious attachment containing TrojanDownloader:O97M/Emotet.CSK!MTB malware. This malware is typically used to steal sensitive information from a victim’s network but can also be used to download other malware including, but not limited, to ransomware. This demonstrates the value of pro-active, underground research to help identify vulnerabilities. </p>
<p><a href="{{#staticFileLink}}7983775082,RESIZE_1200x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}7983775082,RESIZE_400x{{/staticFileLink}}" width="400" alt="7983775082?profile=RESIZE_400x" /></a>Analysts have determined that this email screen shot is likely from this CMA CGM attack, as malicious emails often play a critical role in activating malware on a company’s network. That email had a “redacted” message body which would force many unwitting recipients into opening the attachment out of curiosity.</p>
<p> Attackers often use ransomware to earn a profit, however Ragnar has taken their attacks a step further. If a company can restore their data from backups and avoid paying the ransom, attackers will expose sensitive information online which was stolen as part of the ransomware attack. This attack would make CMA CGM the fourth major container shipping carrier known to have fallen victim to such a major cyber incident.</p>
<p>These analytical results illustrate how a recipient could be fooled into opening an infected email. They also demonstrate how common it is for attackers to specifically target pieces of a company’s supply chain to build up to cyber-attacks on the larger companies. Doing so could cause the recipient to become an infected member of the maritime supply chain and thus possibly infect victim vessels, port facilities and/or shore companies in the marine, agricultural, and other industries with additional malware.</p>
<p>With cyber-attacks ever increasing in frequency and severity, supposing that maritime and shipping organizations can defend against <u>every</u> potential attack scenario is plain unrealistic. Yet, maritime organizations need to combine cybersecurity with business resilience to be cyber resilient. As the maritime sector continues its digitalization quest, safer shipping programs are a competitive strategic advantage.</p>
<p>Red Sky Alliance has been has analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports. Specifically, our analysts have been collecting and analyzing on maritime cyber security issues for years. We publish weekly Vessel Impersonation report, associate IOCs and a Maritime Watchlist. </p>
<p>Red Sky Alliance can help protect against attacks as described above. We provide both internal monitoring in tandem with RedXray notifications on ‘external’ threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting.</p>
<p>The installation, updating and monitoring of firewalls, cyber security collection and analysis and proper employee training are keys to blocking malicious attacks. Please feel free to contact our analyst team for research assistance and RedXray Cyber Threat Analysis report on your organization.</p>
<p>Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p> </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://resources.infosecinstitute.com/ragnar-locker-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/">https://resources.infosecinstitute.com/ragnar-locker-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/">https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/</a></p></div>