{"id":70311,"date":"2023-11-21T15:56:56","date_gmt":"2023-11-21T15:56:56","guid":{"rendered":"https:\/\/www.n-able.com\/?p=70311"},"modified":"2025-08-28T10:36:40","modified_gmt":"2025-08-28T09:36:40","slug":"playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers","title":{"rendered":"PlayCrypt Ransomware-as-a-Service Expands Threat from Script Kiddies and Sophisticated Attackers"},"content":{"rendered":"
\n
\n

Play, also known as \u201cPlayCrypt,\u201d was\u00a0<\/span>discovered last summer<\/a>\u00a0<\/span>disrupting government agencies in Latin America.\u00a0 Months later threat actors began using it for targets in the U.S. and Europe. Play, like most ransomware today, employs double-extortion tactics, stealing victim data before encrypting their networks.<\/p>\n

Since August, the Adlumin MDR team has tracked separate Play ransomware attacks in different industries.\u00a0<\/span>In the attacks we observed, threat actors used the same tactics, techniques, and procedures (TTP) and followed the same order of steps \u2014 almost identically. Furthermore, the indicators of compromise (IOCs) for both incidents were almost indistinguishable.<\/strong><\/p>\n

One of those IOCs includes threat actors using the public music folder (C:\\\u2026\\public\\music) to hide malicious files. Another was using almost the same password to create high privilege accounts. And, in both attacks, many of the same commands were observed.<\/p>\n

This high level of consistency in methods used by threat actors is telling. First, it highly suggests reliance on playbooks or step-by-step instructions supplied with RaaS kits. And second, the targeted victims shared a common profile; they were smaller organizations that possessed the financial capacity to entertain ransoms reaching or exceeding $1 million.<\/p>\n

The RaaS Kit Market<\/span><\/strong><\/h2>\n

Purchasing RaaS kits is not difficult, it simply requires a TOR connection and membership to the right dark net forum or market. Once there, a highly experienced threat actor, or even a \u201cscript kiddie,\u201d can browse RaaS advertisements.<\/p>\n

Below are two ads that we acquired from RaaS operators peddling their products in the dark web.<\/p>\n<\/div>\n<\/section>\n

<\/span><\/span><\/div>\n
\n
\n
\"\"<\/div>\n<\/div>\n<\/div>\n
<\/span><\/span><\/div>\n
\n
\n
\"\"<\/div>\n<\/div>\n<\/div>\n
<\/span><\/span><\/div>\n
\n
\n

Other ransomware ads obtained included those that offered \u201cset-up assistance\u201d \u201cfor as low was $200,\u201d and those with \u201cno fees.\u201d Our team also observed advertisements offering full builds from $300 to $1100 \u201cready for deployment.\u201d<\/p>\n

One of the ads described the malware being offered as using \u201cmany cutting-edge evasion techniques including proprietary methods.\u201d<\/p>\n

And in some ads, RaaS operators boasted having ransomware kits for targeting MacOS systems.<\/p>\n

\u201cWe have developed a new MacOS ransomware as we noticed a lack of it,\u201d the ad read.<\/p>\n

At least one post, stated that the ransomware for sale was what \u201cthe cool kids are using,\u201d alluding that someone doesn\u2019t have to be \u201ccool\u201d \u2013 or perhaps, highly skilled \u2013 to purchase and use it.<\/p>\n

Easy Enough for a Script Kiddie<\/span><\/strong><\/h2>\n

Script kiddies are individuals who possess fundamental hacking skills and the knowledge to deploy and execute exploits written by experienced threat actors. They\u2019re able to learn new skills easily and eventually, often become \u201creal hackers\u201d themselves.<\/p>\n

Since 2015, researchers have written about the ability script kiddies have for deploying ransomware and often working side-by-side with well-known threat actor organizations.<\/strong><\/p>\n

In March 2022,\u00a0<\/span>police in the UK arrested members of the Lapsus$ cybercriminal group<\/a>\u00a0<\/span>known for targeting tech companies such as Okta, Nvidia, Samsung, and Microsoft. The raid included the arrest of teenagers and young adults with ages ranging from 13 to 21, according to the BBC.\u00a0 It\u2019s not clear, however, if the youngsters were script kiddies simply due to their age.<\/p>\n

With enough documentation and technical support \u2013 and with generative AI tools now being able to assist them as well \u2013 a script kiddie can be more than capable of carrying out an attack. However, attacks by these less-skilled individuals often include a higher degree of basic mistakes that make them easier for an organization with capable cybersecurity operation to stop.<\/p>\n

For example, we have observed ransomware attacks foiled by the Adlumin Security Operations Platform or the Adlumin MDR Team during an attack\u2019s early stages.\u00a0<\/span>In some cases, threat actors don\u2019t even get the chance to encrypt files. There are also incidents where SOAR actions within the Adlumin platform disable accounts created by threat actors, effectively locking them out from the network. Sometimes attacks are carried out, but no data is exfiltrated.\u00a0<\/span><\/strong>\u00a0<\/strong><\/p>\n

Money to be Made<\/span><\/strong><\/h2>\n

Ransomware attacks are very lucrative, especially since\u00a0<\/span>73% of companies attacked pay the ransom<\/a>. And with double extortion becoming the norm, organizations that don\u2019t pay are publicly shamed by RaaS operators on the clear or dark web.<\/p>\n

For script kiddies of any age, ransomware may seem like a great way to make a living and become rich quickly. Also, with high unemployment rates in many countries in Latin America and other parts of the world, cybercrime may be seductive for underemployed or poorly paid computer programmers, or people in similar careers.\u00a0<\/span>According to DevelopmentAid.org<\/a>, \u201c[Poor countries] serve as training grounds for criminal groups in preparation for more ambitious attacks in developed countries.\u201d<\/p>\n

When RaaS operators advertise ransomware kits that come with everything a hacker will need, including documentation, forums, technical support, and ransom negotiation support, script kiddies will be tempted to try their luck and put their skills to use. And since there are probably more script kiddies than \u201creal hackers\u201d today, businesses and authorities should take note and prepare for a growing wave of incidents.<\/strong><\/p>\n

Breadcrumbs<\/span><\/strong><\/h2>\n

IOCs, such as malicious IP addresses, domains, TOR addresses, emails, hashes, executables, and others discovered from an attack can be very useful to analysts, researchers, and law enforcement. They serve as clues to help put together what transpired during the incident and how. They can also offer some insight about the level of sophistication of the attackers.<\/p>\n

When threat actors follow RaaS-provided playbooks, they will likely adhere to them closely on the first few attacks. They\u2019ll make mistakes, and if those mistakes are big enough, they could serve as breadcrumbs for the authorities to follow.<\/p>\n

Anything an attacker does in a network can help authorities if they are contacted after an incident. This is why investigators request that victims share any IOCs that could help with their investigations. Even if a business pays the ransom, details like Bitcoin or Monero addresses and transaction IDs, communication or chat logs with threat actors, the decryptor file, and a sample of an encrypted file can be very useful.<\/p>\n

If a newbie or script kiddie isn\u2019t meticulous with their work, the FBI could soon be knocking on their door.<\/p>\n

Conclusion<\/strong><\/h2>\n

Ransomware attacks continue to be among the most prevalent cyber threats and\u00a0<\/span>increased by 37% in 2023<\/a>. Companies should expect more ransomware attacks in the future, not less. And\u00a0<\/span>if more novice attackers are finding that ransomware attacks can be carried out easily with the help and support provided by RaaS operators, they\u2019ll continue to frequent dark net forums to join the most inviting ransomware affiliate group.<\/strong><\/p>\n

At the same time, novice attackers are more likely to make mistakes since they are not as experienced, potentially leaving behind significant IOCs that the authorities can use to help track and apprehend them.<\/p>\n

The Adlumin MDR Team will continue to monitor and stop ransomware attacks carried out by newbies and experts alike. Our security operations platform\u2019s SOAR actions have been successful at foiling these attacks in their early stages, stopping cybercriminals on their tracks.<\/p>\n

Furthermore, we offer Total Ransomware Defense (TRD), a service specifically designed to detect ransomware activity and stop it. In the unfortunate case that files are encrypted, TRD is able to generate decryption keys to restore systems and networks.<\/p>\n

Indicators of Compromise (IOCs)<\/span><\/strong><\/h2>\n

\u00a0<\/strong>Usernames<\/strong><\/p>\n

    \n
  • admon<\/li>\n
  • daksj<\/li>\n
  • admin<\/li>\n<\/ul>\n

    Objects<\/strong><\/p>\n

      \n
    • exe<\/strong><\/li>\n
    • zip.json.PLAY<\/strong><\/li>\n
    • exe<\/strong><\/li>\n
    • exe<\/li>\n
    • PLAY<\/li>\n
    • exe<\/li>\n
    • ini.PLAY<\/li>\n
    • aut<\/li>\n
    • omaticDestinations-<\/li>\n
    • PLAY<\/li>\n
    • exe<\/li>\n
    • json.PLAY<\/li>\n
    • cdp.PLAY<\/li>\n
    • HeartBea<\/li>\n
    • updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.PLAY<\/li>\n
    • exe<\/li>\n
    • cookie.PLAY<\/li>\n
    • js.PLAY<\/li>\n
    • exe<\/li>\n<\/ul>\n

      Paths<\/strong><\/h2>\n

      C:\\\\Users\\\\Public\\\\Music<\/p>\n

      \\\\Device\\\\HarddiskVolume3\\\\CollectGuestLogsTemp<\/p>\n

      Hash: null<\/p>\n

      C:\\\\Users\\\\Public\\\\Music<\/p>\n

      Hash:<\/p>\n

      b042bc03144919c0fed9d60c1f68eb04ed7<\/p>\n

      2c2f6<\/p>\n

      C:\\\\windows<\/p>\n

      Hash:<\/p>\n

      51d3d661774cc50bb22e62beafc4bc6029d<\/p>\n

      f2392<\/p>\n

      \\\\Device\\\\HarddiskVolume2\\\\Users\\\\it.ad<\/p>\n

      min\\\\AppData\\\\Local\\\\Google\\\\Chrome\\\\<\/p>\n

      User Data\\\\Default\\\\Cache\\\\Cache_Data<\/p>\n

      Hash: null<\/p>\n

      C:\\\\Windows<\/p>\n

      Hash:<\/p>\n

      51d3d661774cc50bb22e62beafc4bc6029d<\/p>\n

      f2392<\/p>\n

      \\\\Device\\\\Mup\\\\10.20.0.15\\\\C$\\\\$Recycl<\/p>\n

      e.Bin\\\\S-1-5-21-3568089881-786281157-<\/p>\n

      4253494709-1103<\/p>\n

      Hash: null<\/p>\n

      \\\\Device\\\\HarddiskVolume2\\\\Users\\\\AAD<\/p>\n

      _00864e0326c2\\\\AppData\\\\Roaming\\\\Mi<\/p>\n

      crosoft\\\\Windows\\\\Recent\\\\AutomaticDe<\/p>\n

      stinations<\/p>\n

      Hash: null<\/p>\n

      C:\\\\Users\\\\Public\\\\Music<\/p>\n

      Hash:<\/p>\n

      b042bc03144919c0fed9d60c1f68eb04ed7<\/p>\n

      2c2f6<\/p>\n

      \\\\Device\\\\Mup\\\\10.20.0.15\\\\C$\\\\Users\\\\<\/p>\n

      administrator\\\\AppData\\\\Local\\\\ConnectedDevicesPlatform<\/p>\n

      Hash: null<\/p>\n

      \\\\Device\\\\Mup\\\\10.20.0.15\\\\C$\\\\Package<\/p>\n

      s\\\\Plugins\\\\Microsoft.EnterpriseCloud.Mo<\/p>\n

      nitoring.MicrosoftMonitoringAgent\\\\1.0.1<\/p>\n

      8067.0\\\\Status<\/p>\n

      Hash: null<\/p>\n

      \\\\Device\\\\HarddiskVolume2\\\\ProgramDat<\/p>\n

      a\\\\USOPrivate\\\\UpdateStore<\/p>\n

      Hash: null<\/p>\n

      C:\\\\Users\\\\Public\\\\Music<\/p>\n

      Hash:<\/p>\n

      b042bc03144919c0fed9d60c1f68eb04ed7<\/p>\n

      2c2f6<\/p>\n

      \\\\Device\\\\HarddiskVolume2\\\\Users\\\\it.ad<\/p>\n

      min\\\\AppData\\\\Local\\\\Microsoft\\\\Windo<\/p>\n

      ws\\\\INetCookies<\/p>\n

      Hash: null<\/p>\n

      \\\\Device\\\\HarddiskVolume4\\\\Program<\/p>\n

      Files\\\\Microsoft Monitoring<\/p>\n

      Agent\\\\Agent\\\\APMDOTNETCollector\\\\W<\/p>\n

      eb\\\\Scripts\\\\V7.0\\\\js<\/p>\n

      Hash: null<\/p>\n

      C:\\\\PerfLogs<\/p>\n

      Hash:<\/p>\n

      b042bc03144919c0fed9d60c1f68eb04ed7<\/p>\n

      2c2f6<\/p>\n<\/div>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

      Discover how to manage and monitor system logs, hashes, and directories using Microsoft Monitoring Agent, ensuring optimal server performance and security.<\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-70311","post","type-post","status-publish","format-standard","hentry","topic-cyber-resilience","topic-security"],"acf":[],"yoast_head":"\nPlayCrypt Ransomware-as-a-Service Expands Threat from Script Kiddies and Sophisticated Attackers - N-able<\/title>\n<meta name=\"description\" content=\"Learn how to monitor system logs, hashes, and directories with Microsoft Monitoring Agent for improved server performance and security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PlayCrypt Ransomware-as-a-Service Expands Threat from Script Kiddies and Sophisticated Attackers - N-able\" \/>\n<meta property=\"og:description\" content=\"Learn how to monitor system logs, hashes, and directories with Microsoft Monitoring Agent for improved server performance and security.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-21T15:56:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-28T09:36:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2025\/08\/2508_Adlumin_BlogHeaders_PlayCrypt.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"N-able\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"N-able\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers\"},\"author\":{\"name\":\"N-able\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\"},\"headline\":\"PlayCrypt Ransomware-as-a-Service Expands Threat from Script Kiddies and Sophisticated Attackers\",\"datePublished\":\"2023-11-21T15:56:56+00:00\",\"dateModified\":\"2025-08-28T09:36:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers\"},\"wordCount\":1437,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br#organization\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers#primaryimage\"},\"thumbnailUrl\":\"https:\/\/adlumin.wpenginepowered.com\/wp-content\/uploads\/ransomware-image-1.png\",\"inLanguage\":\"pt-BR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers\",\"url\":\"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers\",\"name\":\"PlayCrypt Ransomware-as-a-Service Expands Threat from Script Kiddies and Sophisticated Attackers - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers#primaryimage\"},\"thumbnailUrl\":\"https:\/\/adlumin.wpenginepowered.com\/wp-content\/uploads\/ransomware-image-1.png\",\"datePublished\":\"2023-11-21T15:56:56+00:00\",\"dateModified\":\"2025-08-28T09:36:40+00:00\",\"description\":\"Learn how to monitor system logs, hashes, and directories with Microsoft Monitoring Agent for improved server performance and security.\",\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers#primaryimage\",\"url\":\"https:\/\/adlumin.wpenginepowered.com\/wp-content\/uploads\/ransomware-image-1.png\",\"contentUrl\":\"https:\/\/adlumin.wpenginepowered.com\/wp-content\/uploads\/ransomware-image-1.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#website\",\"url\":\"https:\/\/www.n-able.com\/pt-br\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/pt-br?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/pt-br\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\",\"name\":\"N-able\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"caption\":\"N-able\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"PlayCrypt Ransomware-as-a-Service Expands Threat from Script Kiddies and Sophisticated Attackers - N-able","description":"Learn how to monitor system logs, hashes, and directories with Microsoft Monitoring Agent for improved server performance and security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers","og_locale":"pt_BR","og_type":"article","og_title":"PlayCrypt Ransomware-as-a-Service Expands Threat from Script Kiddies and Sophisticated Attackers - N-able","og_description":"Learn how to monitor system logs, hashes, and directories with Microsoft Monitoring Agent for improved server performance and security.","og_url":"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2023-11-21T15:56:56+00:00","article_modified_time":"2025-08-28T09:36:40+00:00","og_image":[{"width":1600,"height":900,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2025\/08\/2508_Adlumin_BlogHeaders_PlayCrypt.png","type":"image\/png"}],"author":"N-able","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Escrito por":"N-able","Est. tempo de leitura":"6 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers"},"author":{"name":"N-able","@id":"https:\/\/www.n-able.com\/pt-br#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b"},"headline":"PlayCrypt Ransomware-as-a-Service Expands Threat from Script Kiddies and Sophisticated Attackers","datePublished":"2023-11-21T15:56:56+00:00","dateModified":"2025-08-28T09:36:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers"},"wordCount":1437,"publisher":{"@id":"https:\/\/www.n-able.com\/pt-br#organization"},"image":{"@id":"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers#primaryimage"},"thumbnailUrl":"https:\/\/adlumin.wpenginepowered.com\/wp-content\/uploads\/ransomware-image-1.png","inLanguage":"pt-BR"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers","url":"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers","name":"PlayCrypt Ransomware-as-a-Service Expands Threat from Script Kiddies and Sophisticated Attackers - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/pt-br#website"},"primaryImageOfPage":{"@id":"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers#primaryimage"},"image":{"@id":"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers#primaryimage"},"thumbnailUrl":"https:\/\/adlumin.wpenginepowered.com\/wp-content\/uploads\/ransomware-image-1.png","datePublished":"2023-11-21T15:56:56+00:00","dateModified":"2025-08-28T09:36:40+00:00","description":"Learn how to monitor system logs, hashes, and directories with Microsoft Monitoring Agent for improved server performance and security.","inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.n-able.com\/pt-br\/blog\/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers#primaryimage","url":"https:\/\/adlumin.wpenginepowered.com\/wp-content\/uploads\/ransomware-image-1.png","contentUrl":"https:\/\/adlumin.wpenginepowered.com\/wp-content\/uploads\/ransomware-image-1.png"},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/pt-br#website","url":"https:\/\/www.n-able.com\/pt-br","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/pt-br#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/pt-br?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/pt-br#organization","name":"N-able","url":"https:\/\/www.n-able.com\/pt-br","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.n-able.com\/pt-br#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/pt-br#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/pt-br#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b","name":"N-able","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","caption":"N-able"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/posts\/70311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/comments?post=70311"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/posts\/70311\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/media?parent=70311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}