Back

New Play Ransomware Linux Variant Targets ESXi Shows Ties

July 22, 2024, 4:13 p.m.

Tags

2024-07-22
esxi
coroxy

External References

https://www.trendmicro.com/

https://otx.alienvault.com/

Description

The Play ransomware group, known for double-extortion tactics and advanced evasion techniques, has developed a new Linux variant specifically designed to target VMware ESXi environments. This variant aims to encrypt virtual machines (VMs) and associated files, potentially causing significant operational disruptions. Notably, evidence suggests the Play group may be collaborating with the notorious Prolific Puma cybercriminal entity to enhance its capabilities and circumvent security measures more effectively.

Date

Published Created Modified
July 22, 2024, 4:03 p.m. July 22, 2024, 4:03 p.m. July 22, 2024, 4:13 p.m.

Attack Patterns

Coroxy

Play

T1491.001

T1568.002

T1059.004

T1070.004

T1489

T1486

T1105

T1083

T1570

T1046

T1041

Additional Informations

Professional Services

Manufacturing