Operators of Play ransomware were noted by Adlumin researchers to have been providing the strain as a service to other threat actors, The Hacker News reports.
Such a conclusion was made after an analysis of recent Play ransomware attacks revealed no differences between the intrusions, suggesting that affiliates using Play ransomware have been sticking by the playbooks provided with the RaaS. Aside from concealing the malicious file in the same public music folder, all of the attacks used the same credentials for privileged account creation and the same commands, according to the report.
"When RaaS operators advertise ransomware kits that come with everything a hacker will need, including documentation, forums, technical support, and ransom negotiation support, script kiddies will be tempted to try their luck and put their skills to use. And since there are probably more script kiddies than 'real hackers' today, businesses and authorities should take note and prepare for a growing wave of incidents," said Adlumin.
BleepingComputer reports vulnerable ConnectWise ScreenConnect servers impacted by the CVE-2024-1708 and CVE-2024-1709 flaws were observed by Sophos X-Ops researchers to have been subjected to numerous LockBit ransomware attacks since Feb. 21 .