Play (hacker group) explained

Play (also Play Ransomware or PlayCrypt) is a hacker group responsible for ransomware extortion attacks on companies and governmental institutions. The group emerged in 2022 and attacked targets in the United States,[1] Brazil,[2] Argentina, Germany,[3] Belgium and Switzerland.[4]

Security experts suspect that the group has links to Russia, since the encryption techniques it uses are similar to those of other Russian-linked ransomware groups such as Hive and Nokoyawa.[5]

The name "Play" comes from the ".play" file extension that the group adds to its victims' encrypted files. The group also leaves a message containing the word "PLAY" and an email address.

History

In 2022, Play carried out a major attack on the Argentine judiciary of Córdoba.[6]

In 2023, Play carried out a wave of attacks on Switzerland. At the end of March, the newspaper Neue Zürcher Zeitung was attacked, leading to the penetration of the systems of its service provider, CH-Media.[7] This enabled Play to extract the addresses of over 400,000 Swiss citizens living abroad who had subscribed to the official newspaper for Swiss expatriates.[8] In the same month, a Valais community fell victim.[9] In May/June, a massive attack hit an IT service provider of the Federal Administration of Switzerland, and confidential data, including financial data and tax information, was stolen for extortion. Various state-owned companies were affected.[10]

References

  1. Kovacs, Eduard (2023-01-05). "Play Ransomware Group Used New Exploitation Method in Rackspace Attack". securityweek. Retrieved 2023-06-17.
  2. "Ransomware group behind Oakland attack strengthens capabilities with new tools, researchers say". Cyberscoop (cyberscoop.com). 2023-04-19. Retrieved 2023-06-17.
  3. Gatlan, Sergiu (2023-01-04). "Rackspace confirms Play ransomware was behind recent cyberattack". Bleeping Computer (bleepingcomputer.com). Retrieved 2023-06-17.
  4. "Hacker group publishes stolen Swiss media data". Swissinfo (swissinfo.ch). 2023-05-11. Retrieved 2023-06-17.
  5. Poireault, Kevin (2023-06-11). "Swiss Government Targeted by Series of Cyber-Attacks". Infosecurity Magazine (infosecurity-magazine.com). Retrieved 2023-06-17.
  6. Kovacs, Eduard (2022-09-01). "Ransomware Attacks Target Government Agencies in Latin America". Securityweek (securityweek.com). Retrieved 2023-06-17.
  7. Altwegg, Jürg (2023-04-18). "Böses Spiel mit der NZZ". Frankfurter Allgemeine Zeitung (faz.net). Retrieved 2023-06-17.
  8. Rigendinger, Balz (2023-06-27). "Leck von Bundesdaten: Bis zu 425'000 Auslandschweizer:innen betroffen". SWI Swissinfo.ch (in German). Retrieved 2023-06-28.
  9. "Update: Ransomware-Bande Play gewährt Walliser Gemeinde mehr Zeit". Netzwoche (netzwoche.ch). 2023-05-11. Retrieved 2023-06-17.
  10. Eberhart, Jessica (2023-06-15). "Das Ausmass des Hacks gegen einen Dienstleister der Bundesverwaltung ist gewaltiger als angenommen". Neue Zürcher Zeitung. Retrieved 2023-06-17.