Research highlights ongoing threat of Play ransomware linked to North Korean group
New research highlights the ongoing threat of Play ransomware, first detected in 2022. It has been used in over 300 successful attacks globally and is linked to a North Korean state-sponsored group. The ransomware encrypts files and gives them a ".PLAY" extension. Attackers gain access by exploiting vulnerabilities in services like Microsoft Exchange and Fortinet's FortiOS. They use port scanning to gather system information and escalate privileges for further attacks. This approach complicates detection efforts. The FBI warns organizations about the risks of Play ransomware and recommends mitigation strategies. The ransomware not only encrypts data but also exfiltrates it, and the attackers use leak sites to demand ransom.