home.social

#playcrypt — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #playcrypt, aggregated by home.social.

  1. New bullies on the block: They don’t PLAY nice.

    In mid-November 2022, #Sophos X-Ops responded to an incident where PLAY #ransomware, also known as #PlayCrypt, was found in an under-protected environment.

    PLAY is a relatively new ransomware variant, first reported in mid-July of 2022. It deploys a variety of commonly abused tools, similar to other Ransomware-as-a-Service (RaaS) deployments such as Hive or Nokoyawa. In this thread we’ll walk through what Sophos X-Ops researchers @bencrypted and @th3_protoCOL saw in their analysis – a process our Rapid Response team observed in reverse, starting their work with this customer when they were called in at the 14-day mark.

    The IoCs provided in this writeup are available on our Github: github.com/sophoslabs/IoCs.

    #threatintel #infosec #ioc #SophosXOps

  2. I've had a look at #Play, aka #PlayCrypt #ransomware. And it seems to me that there is more than meets the eye when it comes to negotiations management. At first, it looks like "just" e-mail. But I suspect there's more to it than just that. More about it in this piece (sorry, it's in French): lemagit.fr/actualites/25252779