- Play ransomware has hit 900 companies so far, new FBI advisory claims
- The group is calling victims by phone to try to force them to pay the ransom demand
- It has also added new vulnerabilities to its arsenal
Play ransomware’s “body count” is almost reaching four digits, a new warning from major law enforcement agencies has revealed, urging companies to keep their guard up against attacks.
In an updated security advisory, published by the FBI, CISA and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), it was said that Play and its affiliates exploited “approximately 900 entities.”
Play ransomware, also known as PlayCrypt, is an infamous ransomware operator. It is known for using the atypical triple extortion method in which, in addition to encrypting and exfiltrating files, it also calls its victims by phone to convince them to pay.
SimpleHelp flaws targeted
The agencies’ security advisory has been updated to reflect the changes Play and its affiliates have made in recent times. For example, it says that victims receive a unique @gmx.de or @web.de email address, through which they are invited to communicate with the attackers.
In addition, the group seems to have added new vulnerabilities to those it was already targeting. In addition to FortiOS (CVE-2018-13379 and CVE-2020-12812) and Microsoft Exchange (ProxyNotShell CVE-2022-41040 and CVE-2022-41082), they are now exploiting CVE-2024-57727 in the remote monitoring and management (RMM) tool SimpleHelp, which they use for remote code execution (RCE).
This vulnerability was first seen in mid-January 2025, and has been exploited since then.
To make matters worse, the agencies say that the Play ransomware binary is recompiled for each attack, which means that it gets a new and unique hash for each deployment. This complicates detection by antimalware and antivirus programs.
Play was first seen around 2020, and in the past it was known for targeting Windows devices, but at the end of July 2024, security researchers saw a Linux variant aimed at VMware ESXi environments.
In a technical breakdown, Trend Micro’s threat hunting team said at the time that it was the first time Play had been seen targeting ESXi environments, and that the criminals could be expanding their attacks across the Linux platform.
Via The Register