"Play Ransomware Gang Uses Custom Shadow Volume Copy Data-Theft Tool"

According to Symantec's security researchers, the Play ransomware group has developed two custom .NET tools, Grixba and VSS Copying Tool, to strengthen its cyberattacks. The two tools allow the attackers to enumerate users and computers in compromised networks, collect information about security, backup, and remote administration software, and copy files from the Volume Shadow Copy Service (VSS) to get around file locks. Grixba is a network-scanning and information-stealing application used to enumerate users and computers in a domain. In addition, it supports a 'scan' mode that uses WMI, WinRM, Remote Registry, and Remote Services to determine what software is installed on network devices. This article continues to discuss the Play ransomware gang's new custom tools.

Bleeping Computer reports "Play Ransomware Gang Uses Custom Shadow Volume Copy Data-Theft Tool"

Submitted by Anonymous on