Play Ransomware Attack Cases Detected by AhnLab EDR
Play ransomware, also known as Balloonfly or PlayCrypt, was first identified in June 2022 and has reportedly attacked over 300 organizations worldwide since then. A notable characteristic of the ransomware, which remains actively in use, is its addition of the “.PLAY” extension to files following encryption. Like other ransomware threat
Proxy Tools Detected by AhnLab EDR
After gaining control over infected systems, threat actors may also perform remote screen control using RDP. This is partly for convenience but can also serve the purpose of maintaining persistence. If the RDP service is not active during the attack process, threat actors may install RDP Wrappers, steal existing account
