- Play ransomware has hit 900 companies so far, new FBI advisory claims
- The group calls victims on the phone to try to pressure them into paying the ransom demand
- It has also added new vulnerabilities to its arsenal
Play ransomware's victim count is approaching four digits, a new warning from top law enforcement has revealed, and it urges companies to remain vigilant against attack.
In an updated security advisory, published by the FBI, CISA and the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), it was said that Play and its affiliates have compromised "approximately 900 entities".
Play ransomware, also known as PlayCrypt, is a notorious ransomware operation. It is known for using the atypical triple-extortion method, where, in addition to encrypting and exfiltrating files, it also calls its victims on the phone to pressure them into paying up.
SimpleHelp vulnerabilities targeted
The agencies' advisory has been updated to reflect changes Play and its affiliates have made to their tactics in recent times. For example, it was said that each victim is given a unique @gmx.de or @web.de email address through which they are invited to communicate with the attackers.
In addition, the group appears to have added new vulnerabilities to those it was already targeting. Besides FortiOS (CVE-2018-13379 and CVE-2020-12812) and Microsoft Exchange (ProxyNotShell, CVE-2022-41040 and CVE-2022-41082) bugs, they now exploit CVE-2024-57727 in the SimpleHelp remote monitoring and management (RMM) software.
This vulnerability was first disclosed in mid-January 2025 and has been exploited since.
To make matters worse, the agencies say the Play ransomware binary is recompiled for each attack, which means it gets a new, unique hash for every deployment. This complicates detection by anti-malware and antivirus programs, since hash-based indicators from one attack do not match the next.
Play was first spotted around 2020 and was previously known to target Windows devices, but by the end of July 2024 security researchers had seen a Linux variant targeting VMware ESXi environments.
In a technical breakdown, Trend Micro's threat hunting team said at the time it was the first time Play had been seen targeting ESXi environments, and that it could mean the criminals are expanding their attacks across the Linux platform.
Via The Register