The notorious Play ransomware is now available as a RaaS

February 16, 2024

The Play ransomware developers have allowed other cybercriminals to use their malware after offering it as a Ransomware-as-a-Service (RaaS).

Based on reports, researchers have identified evidence that Play's developers are now selling the malware as a service. This development could enable various threat groups to orchestrate numerous attacks with an alarming level of consistency.

The new report highlights the uniformity observed in Play ransomware attacks against various sectors, indicating that affiliates who purchase the RaaS could execute an attack by following the step-by-step instructions that the developers supply with the malware.

The lack of variation in attack strategies, such as using the public music folder (C:…\public\music) to conceal malicious files, using identical passwords when creating high-privilege accounts, and running uniform execution commands, shows the systematic nature of these attacks.
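As an added illustration that is not part of the original report, the detection below keys on two of the uniform traits listed above: executables dropped into or launched from the public music folder, and a freshly created local account being promoted to Administrators. It assumes Sysmon and Windows Security events flattened into simple `id|key=value` lines (constructed here) and the standard Windows location C:\Users\Public\Music for the folder the report abbreviates as C:…\public\music.

```python
from typing import Iterable

# Assumption: the report abbreviates the folder as "C:…\public\music"; the
# standard Windows location for it is C:\Users\Public\Music.
STAGING_DIR = r"c:\users\public\music"
PAYLOAD_EXT = (".exe", ".dll", ".bat", ".ps1")

# Constructed sample events for this example, one per line:
# <EventID>|<field>=<value>;<field>=<value>...
# Sysmon 1 = process create, Sysmon 11 = file create,
# Security 4720 = local user created, Security 4732 = member added to local group.
SAMPLE_EVENTS = [
    r"11|Image=C:\Program Files\Player\player.exe;TargetFilename=C:\Users\Public\Music\track.mp3",
    r"11|Image=C:\Windows\System32\cmd.exe;TargetFilename=C:\Users\Public\Music\svchost.exe",
    r"1|Image=C:\Users\Public\Music\svchost.exe;CommandLine=svchost.exe -k netsvcs",
    r"4720|TargetUserName=backup_svc;SubjectUserName=alice",
    r"4732|MemberName=backup_svc;TargetUserName=Administrators",
    r"4720|TargetUserName=intern01;SubjectUserName=alice",
]

def parse_event(line: str) -> tuple[str, dict[str, str]]:
    """Split '<id>|k=v;k=v' into the event id and a field dictionary."""
    event_id, _, rest = line.partition("|")
    fields = dict(kv.split("=", 1) for kv in rest.split(";") if "=" in kv)
    return event_id, fields

def in_staging_dir(path: str) -> bool:
    return path.lower().startswith(STAGING_DIR + "\\")

def detect(lines: Iterable[str]) -> list[str]:
    """Return one alert string per suspicious event, in input order."""
    alerts: list[str] = []
    new_accounts: set[str] = set()  # accounts created earlier in the stream
    for line in lines:
        event_id, f = parse_event(line)
        if event_id == "11":
            target = f.get("TargetFilename", "")
            # Media files belong in a music folder; executables do not.
            if in_staging_dir(target) and target.lower().endswith(PAYLOAD_EXT):
                alerts.append(f"payload written to public music folder: {target}")
        elif event_id == "1" and in_staging_dir(f.get("Image", "")):
            alerts.append(f"process launched from public music folder: {f['Image']}")
        elif event_id == "4720":
            new_accounts.add(f.get("TargetUserName", ""))
        elif event_id == "4732" and f.get("TargetUserName") == "Administrators":
            # The shared password itself is never logged; the detectable
            # pattern is a freshly created account gaining admin rights.
            if f.get("MemberName") in new_accounts:
                alerts.append(f"new account promoted to Administrators: {f['MemberName']}")
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The legitimate mp3 written to the same folder and the unprivileged intern01 account produce no alert, so the three alerts raised all correspond to the report's described pattern.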


Play ransomware is a relatively new malicious entity that debuted in June last year.


The Play ransomware, also known as Balloonfly and PlayCrypt, became a prevalent threat in the cybersecurity landscape after exploiting vulnerabilities in Microsoft Exchange Server, specifically ProxyNotShell and OWASSRF, to breach networks.

The malware’s unique characteristic was that the developers were the ones who executed the attacks, which is uncommon for ransomware developers. However, the recent transition towards a RaaS model completes Play’s transformation into a profitable option for cybercriminals.

Furthermore, the shift from the developers carrying out the attacks themselves to a model where the ransomware is offered as a service to other threat actors, veteran and amateur alike, makes this development alarming. It could broaden the pool of potential threat actors and result in a more organised and commercialised approach to cybercrime.

Additionally, RaaS operators offer aspiring hackers comprehensive ransomware kits, including documentation, forums, technical support, and ransom negotiation assistance. Hence, the RaaS could attract more wannabe hackers who could cause trouble for researchers and targeted organisations.

With the increasing prevalence of these less experienced actors, businesses and authorities should be more vigilant and prepared for a potential rise in Play ransomware campaigns.

The emergence of Play ransomware as a commercial service emphasises the constantly changing nature of cyber threats and the need for cybersecurity measures to keep adapting to evolving risks.
