Re: Extraction rate is a function of RAM capacity.
Given that large amounts of RAM are used to cram in many virtual machines, I'd say they're not "better protected", in fact quite the opposite. You'd have a single physical attack surface containing many machines which can be compromised, which in turn represent many more virtual attack vectors. It might take you longer to dump the physical hosts entire memory, but you'd get access to many more VMs for your increased effort. Also consider that one VM owned by one customer could potentially dump out memory of another customers machine that just happens to be running on the same physical host.