The Curious Case of PlayBoy Locker

Cybereason analyzes PlayBoy Locker, a Ransomware-as-a-Service (RaaS) observed on darknet forums that provides affiliates with customizable binaries for Windows, ESXi, and NAS, features LDAP-based AD worming, multithreaded file encryption using hc-128 and curve25519, shadow copy deletion, process/service termination, web-based builder and admin panels, and includes IOCs and defensive recommendations.