Krispy Kreme just got hit hard by a ruthless ransomware attack that reveals even the most trusted brands aren’t safe. How did a donut favorite become a cybersecurity cautionary tale?

https://thedefendopsdiaries.com/krispy-kreme-data-breach-lessons-from-the-play-ransomware-attack/

#krispykremebreach
#playransomware
#cybersecurity
#databreach
#infosectrends

Play ransomware is evolving at breakneck speed—using sneaky tools and a RaaS model to hit everything from cities to big brands. How long before no one’s safe?

https://thedefendopsdiaries.com/the-play-ransomware-threat-evolution-tactics-and-defense/

#playransomware
#cybersecurity
#ransomwareaservice
#infosectrends
#cyberdefense

A zero-day flaw in Windows unlocked SYSTEM privileges for a sophisticated ransomware gang, sparking global chaos with double extortion attacks. How ready is your network for the next hidden door?

https://thedefendopsdiaries.com/understanding-the-play-ransomware-threat-exploiting-zero-day-vulnerabilities/

#playransomware
#zerodayvulnerability
#cybersecurity
#ransomwareattack
#infosec

📢 Just In: Play ransomware group has claimed responsibility for the data breach at #KrispyKreme and is threatening to leak the data within two days.

Details: https://hackread.com/play-ransomware-krispy-kreme-breach-data-leak/

#CyberSecurity #CyberAttack #Ransomware #PlayRansomware

Play Ransomware Claims Krispy Kreme Breach, Threatens Data Leak

Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News

A new variant of the Play ransomware, specifically designed for Linux, has emerged and is targeting VMware ESXi systems. This variant is notable because it encrypts virtual machine files, including disks, configurations, and metadata, and appends the ".PLAY" extension to them. It also drops a ransom note in the root directory. The Play ransomware group appears to be utilizing services from Prolific Puma, a provider of illicit link-shortening services, to aid in evading detection while spreading malware. They employ a Registered Domain Generation Algorithm (RDGA) to create new domain names, a technique becoming popular among various cybercriminal groups for activities like phishing, spamming, and malware distribution. The RDGA allows for the creation of numerous domain names, making it harder to detect and defend against compared to traditional DGAs. This Linux variant of Play represents a broader attack strategy across the Linux platform, potentially expanding the group's victim base and increasing the success rate of ransom negotiations. The Play ransomware, initially appearing in June 2022, is known for its double extortion tactic, encrypting systems after stealing sensitive data and demanding a ransom for decryption. As of October 2023, estimates suggest around 300 organizations worldwide have fallen victim to this ransomware group. The discovery of this Linux variant was made from a RAR archive file found on an IP address associated with tools previously used in Play ransomware attacks, indicating that the Linux version may follow similar tactics.

https://www.trendmicro.com/en_us/research/24/g/new-play-ransomware-linux-variant-targets-esxi-shows-ties-with-p.html

#cybersecurity #vmware #esxi #linux #playransomware #ransomware #attack #encryption #prolificpuma #rdga #dga #trendmicro

New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma

Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more.

Trend Micro

Ransomware: Online tool may decrypt BlackCat & Co.

If the prerequisites are met, ransomware victims can decrypt data on a website without paying a ransom.

heise online

As of October 2023, the FBI is aware of around 300 entities that have reportedly fallen victim to the ransomware group.

#Cybersecurity #Ransomware #CISA #FBI #Cyberattacks #PlayRansomware

https://cybersec84.wordpress.com/2023/12/18/play-ransomware-gang-breaches-300-victims-damaging-critical-systems/

Play Ransomware Gang Breaches 300 Victims, Damaging Critical Systems

The Play ransomware group, also known as Playcrypt, has successfully breached approximately 300 organizations globally from June 2022 to October 2023, including critical infrastructure entities, ac…

CyberSec84 | Cybersecurity news.

However, the spokesperson refrained from providing additional details, such as whether the cyberattack involved ransomware or if any data was compromised during the incident.

#Cybersecurity #GRTC #PLAYRansomware #Virginia #USA #Cyberthreat

https://cybersec84.wordpress.com/2023/12/09/central-virginia-public-transport-faces-cyber-threat/

Central Virginia Public Transport Faces Cyber Threat

Over the Thanksgiving holiday, the transit system overseeing central Virginia experienced a computer network disruption resulting from a cyberattack. The Greater Richmond Transit Company (GRTC), re…

CyberSec84 | Cybersecurity news.

The ransomware campaign involved dropping remote administration tools such as AnyDesk before deploying the ransomware.

#Cybersecurity #RaaS #Ransomware #PlayRansomware

https://cybersec84.wordpress.com/2023/11/22/play-ransomware-enters-commercial-realm-available-as-a-service-for-cybercriminals/

Play Ransomware Enters Commercial Realm: Available as a Service for Cybercriminals

New evidence uncovered by Adlumin indicates that the ransomware strain known as Play has transitioned into an “as a service” model, allowing other threat actors to access and utilize it.…

CyberSec84 | Cybersecurity news.