Play Ransomware Attack Cases Detected by AhnLab EDR
Play ransomware, also known as Balloonfly or PlayCrypt, was first identified in June 2022 and has reportedly attacked over 300 organizations worldwide since then. A notable characteristic of the ransomware, which remains actively in use, is that it appends the “.PLAY” extension to files after encrypting them. Like other ransomware threat actors, its operators steal information before encrypting systems so that they can threaten victims, and they publish lists of attacked companies on their website.
Figure 1. Disclosed company information
According to a report by Unit 42 of Palo Alto Networks, a collaboration between Play ransomware and the Andariel group has been confirmed. In this case, the Andariel group utilized malware known as Sliver and DTrack to steal information, and then a Play ransomware attack was carried out using the same attack infrastructure. For reference, the Andariel group has also used SHATTEREDGLASS and Maui ransomware in past attacks. [1] [2]
The initial access …