- Play ransomware has hit around 900 organizations so far, a new FBI advisory claims
- The group phones its victims to pressure them into paying the ransom
- It has also added new vulnerabilities to its arsenal
Play ransomware's victim count is approaching four figures, a new warning from top law enforcement and cybersecurity agencies has revealed, urging companies to stay on guard against attacks.
In an updated security advisory published by the FBI, CISA, and the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), the agencies said that Play and its affiliates had compromised "approximately 900 entities".
Play ransomware, also known as PlayCrypt, is a notorious ransomware operation. It is known for its unusual triple extortion method: in addition to encrypting and exfiltrating files, it also calls its victims on the phone to pressure them into paying.
Simple flaws targeted
The agencies' security advisory has been updated to reflect changes Play and its affiliates have made recently. For example, it now says that each victim is given a unique email address on the @gmx.de or @web.de domain, through which they are told to communicate with the attackers.
In addition, the group appears to have added new vulnerabilities to those it already targeted. Alongside FortiOS (CVE-2018-13379 and CVE-2010-12812) and Microsoft Exchange (ProxyNotShell, CVE-2022-41040 and CVE-2022-41082), it now exploits CVE-2024-57727 in a remote monitoring and management (RMM) tool.
This vulnerability was first spotted in mid-January 2025 and has been exploited since.
To make matters worse, the agencies say that the Play ransomware binary is recompiled for each attack, meaning it has a new, unique file hash for every deployment. This makes detection by anti-malware and antivirus programs harder, since hash-based signatures from one incident do not match the next.
Play was first spotted around 2020 and was historically known to target Windows-powered devices, but in late July 2024 security researchers observed a Linux variant targeting VMware ESXi environments.
In its technical breakdown, Trend Micro's threat hunting team said at the time that this was the first time Play had been seen targeting ESXi environments, and that the criminals could be widening their attacks to the Linux platform.
Via The Register