New Play Ransomware Linux Variant Targets ESXi Shows Ties

July 22, 2024, 4:13 p.m.

Description

The Play ransomware group, known for double-extortion tactics and advanced evasion techniques, has developed a new Linux variant specifically designed to target VMware ESXi environments. This variant aims to encrypt virtual machines (VMs) and associated files, potentially causing significant operational disruptions. Notably, evidence suggests the Play group may be collaborating with the notorious Prolific Puma cybercriminal entity to enhance its capabilities and circumvent security measures more effectively.

Date

  • Created: July 22, 2024, 4:03 p.m.
  • Published: July 22, 2024, 4:03 p.m.
  • Modified: July 22, 2024, 4:13 p.m.

Indicators

  • 45.76.165.129
  • 108.61.142.190

Attack Patterns

Additional Information

  • Professional Services
  • Manufacturing