Adlumin researchers have found that the operators of Play ransomware are providing the strain as a service to other threat actors, The Hacker News reports.
The researchers reached that conclusion after an analysis of recent Play ransomware attacks revealed no differences between the intrusions, suggesting that affiliates using Play ransomware have been sticking to the playbooks provided with the RaaS. All of the attacks concealed the malicious file in the same public music folder, used the same credentials for privileged account creation, and used the same commands, according to the report.
"When RaaS operators advertise ransomware kits that come with everything a hacker will need, including documentation, forums, technical support, and ransom negotiation support, script kiddies will be tempted to try their luck and put their skills to use. And since there are probably more script kiddies than 'real hackers' today, businesses and authorities should take note and prepare for a growing wave of incidents," said Adlumin.
Play ransomware expands availability