New Play Ransomware Linux Variant Targets ESXi Shows Ties

· Published 22/07/2024 16:03 · Modified 22/07/2024 16:13

Essential information

Tags
2024-07-22 coroxy esxi
Related entities
2 observables, 1 intrusion sets (apt), 11 techniques (mitre), 1 malware, 2 others

Description

The Play ransomware group, known for double-extortion tactics and advanced evasion techniques, has developed a new Linux variant specifically designed to target VMware environments. This variant aims to encrypt virtual machines (VMs) and associated files, potentially causing significant operational disruptions. Notably, evidence suggests the Play group may be collaborating with the notorious Prolific Puma cybercriminal entity to enhance its capabilities and circumvent security measures more effectively.

External references