Two novel custom data-gathering tools are being leveraged by the Play ransomware operation in a bid to bolster its digital extortion attacks, according to CyberScoop.
Aside from developing the Grixba information stealer that facilitates software and service enumeration, Play ransomware has also created the VSS Copying Tool to allow Volume Shadow Copy Service file copies, a report from Symantec's Threat Hunter Team showed.
Play ransomware is believed to have developed custom tools to enhance attack efficiency and curb dwell times.
"Custom tools can be tailored to a specific target environment, allowing ransomware gangs to carry out attacks faster and more efficiently," said researchers.
While organizations in Latin America have been primarily targeted by Play ransomware since its emergence last June, the ransomware gang has since diversified its targets, launching 20 or more attacks around the world during the past month.
Among its most recent victims was the City of Oakland, California, which declared a state of emergency following the attack.
Ransomware, Threat Management
Novel hacking tools developed by Play ransomware gang
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds