Play (hacker group)

Article snapshot taken from Wikipedia with Creative Commons Attribution-ShareAlike license.

Play (also Play Ransomware or PlayCrypt) is a hacker group responsible for ransomware extortion attacks on companies and governmental institutions. The group emerged in 2022 and attacked targets in the United States, Brazil, Argentina, Germany, Belgium and Switzerland.

Security experts suspect that the group has links to Russia, since the encryption techniques it uses are similar to those used by other Russian-linked ransomware groups such as Hive and Nokoyawa.

The name "Play" comes from the ".play" file extension that the group appends to the files it encrypts on victims' systems. It also leaves a message containing the word "PLAY" and an email address.

History

In 2022, Play carried out a major attack on the Argentine judiciary of Córdoba.

In 2023, Play carried out a wave of attacks on Switzerland. At the end of March, the newspaper Neue Zürcher Zeitung was attacked, leading to the penetration of the systems of its service provider, CH-Media. This enabled Play to extract the addresses of over 400,000 Swiss citizens living abroad who had subscribed to the official newspaper for Swiss expatriates, Schweizer Revue. In the same month, a Valais community fell victim. In May/June, a massive attack hit an IT service provider of the Federal administration of Switzerland, and confidential data, including financial data and tax information, was stolen for extortion. Various state-owned companies were affected.
