Ransomware Gang Enhances Capabilities with Custom Data-Theft Tool.
Play ransomware group has developed two custom tools, Grixba and VSS Copying Tool, to improve the effectiveness of its cyberattacks. Grixba is a network-scanning and information-stealing tool used to enumerate users and computers in a domain, while VSS Copying Tool allows attackers to interact with the Volume Shadow Copy Service (VSS) via API calls using a bundled AlphaVSS .NET library. Both tools enable attackers to gather information about security, backup, and remote administration software, and easily copy files from VSS to bypass locked files. Symantec discovered and analyzed the new tools and shared their findings with BleepingComputer before publishing their report.