VMware ESXi datastores rarely have endpoint protection, the researchers noted, and they host virtual machines (VMs) that likely run critical services for the business, making them a very attractive target for hackers. In the threat landscape, it’s like winning the jackpot.
In this case, the attackers employed unusual techniques to lock data and prevent any recovery.
Why the Hackers Used Python
Python is a powerful programming language that can easily interact with the operating system with just a few lines of code, and ESXi servers are Linux-based systems that often have Python pre-installed.
Python makes it easy to invoke commands from other programs through its os module. In this case, the hackers uploaded a lightweight Python script called fcker.py containing ESXi Shell commands such as vim-cmd vmsvc/getallvms and vim-cmd vmsvc/power.off.
These instructions are used to list all VMs and shut them
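The following added example (not from the article or the researchers it cites) shows how a defender could correlate a vim-cmd vmsvc/getallvms listing with a burst of vim-cmd vmsvc/power.off calls by the same user. The log line layout, the sample lines, and the window_s and min_vms thresholds are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines; the "timestamp shell[pid]: [user]: command" layout is an assumption.
SAMPLE_LOG = """\
2024-01-10T02:11:03Z shell[2101]: [root]: vim-cmd vmsvc/getallvms
2024-01-10T02:11:05Z shell[2101]: [root]: vim-cmd vmsvc/power.off 1
2024-01-10T02:11:06Z shell[2101]: [root]: vim-cmd vmsvc/power.off 2
2024-01-10T02:11:07Z shell[2101]: [root]: vim-cmd vmsvc/power.off 3
2024-01-10T09:30:00Z shell[2200]: [admin]: vim-cmd vmsvc/getallvms
2024-01-10T09:42:10Z shell[2200]: [admin]: vim-cmd vmsvc/power.off 7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+shell\[\d+\]:\s+\[(?P<user>[^\]]+)\]:\s+(?P<cmd>.+)$")
POWER_OFF_RE = re.compile(r"\bvim-cmd\s+vmsvc/power\.off\s+(?P<vmid>\d+)")
LIST_RE = re.compile(r"\bvim-cmd\s+vmsvc/getallvms\b")


def parse(log_text):
    """Yield (timestamp, user, command) for every line that matches the layout."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["user"], m["cmd"]


def find_mass_shutdowns(log_text, window_s=120, min_vms=3):
    """Return alerts where one user lists VMs, then powers off >= min_vms
    distinct VM IDs within window_s seconds of the listing."""
    alerts, last_listing, powered_off = [], {}, {}
    for ts, user, cmd in sorted(parse(log_text)):
        if LIST_RE.search(cmd):
            last_listing[user] = ts
            powered_off[user] = set()
            continue
        m = POWER_OFF_RE.search(cmd)
        start = last_listing.get(user)
        if not m or start is None:
            continue
        if ts - start > timedelta(seconds=window_s):
            del last_listing[user]  # listing too old to correlate
            continue
        powered_off[user].add(m["vmid"])
        if len(powered_off[user]) == min_vms:  # alert once per listing
            alerts.append({"user": user, "listed_at": start.isoformat(),
                           "vm_ids": sorted(powered_off[user])})
    return alerts
```

On the constructed sample, only the root session is flagged. The admin session powers off a single VM twelve minutes after listing, which falls outside the default window.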