CyberSecurityBoard
Sponsor Register Login

FBI: Play ransomware breached 300 victims, including critical orgs

The Federal Bureau of Investigation says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities.
The warning comes as a joint advisory issued in partnership with CISA and the Australian Signals Directorate's Australian Cyber Security Centre.
The Play ransomware operation surfaced in June 2022, after the first victims reached out for help in BleepingComputer's forums.
In contrast to typical ransomware operations, Play ransomware affiliates opt for email communication as their negotiation channel and will not provide victims a Tor negotiations page link in ransom notes left on compromised systems.
Before deploying ransomware, they will steal sensitive documents from compromised systems, which they use to pressure victims into paying ransom demands under the threat of leaking the stolen data online.
The gang is also using a custom VSS Copying Tool helps steal files from shadow volume copies even when those files are in use by applications.
Recent high-profile Play ransomware victims include the City of Oakland in California, car retailer giant Arnold Clark, cloud computing company Rackspace, and the Belgian city of Antwerp.
In guidance issued today by the FBI, CISA, and ASD's ACSC, organizations are urged to prioritize addressing known vulnerabilities that have been exploited to reduce their likelihood of being used in Play ransomware attacks.
Network defenders are also strongly advised to implement multifactor authentication across all services, focusing on webmail, VPN, and accounts with access to critical systems.
Regular updating and patching of software and applications to their most recent versions and routine vulnerability assessments should be part of all organizations' standard security practices.
The three government agencies also advise security teams to implement the mitigation measures shared with today's joint advisory.
FBI and CISA warn of opportunistic Rhysida ransomware attacks.
FBI: Royal ransomware asked 350 victims to pay $275 million.
CISA urges tech manufacturers to stop using default passwords.
Norton Healthcare discloses data breach after May ransomware attack.
Navy contractor Austal USA confirms cyberattack after data leak.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 18 Dec 2023 16:25:12 +0000


Cyber News related to FBI: Play ransomware breached 300 victims, including critical orgs

The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
6 months ago Bleepingcomputer.com
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
6 months ago Bleepingcomputer.com
FBI: Play ransomware breached 300 victims, including critical orgs - The Federal Bureau of Investigation says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities. The warning comes as a joint advisory issued in ...
6 months ago Bleepingcomputer.com
How the FBI seized BlackCat ransomware's servers - An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware ...
6 months ago Bleepingcomputer.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
The Top 5 Ransomware Takedowns - Learn about the recent achievements in the fight against ransomware as law enforcement agencies and cybersecurity organizations successfully disrupt operations, seize infrastructure, and safeguard victims from further attacks. Trigona ransomware, a ...
6 months ago Securityboulevard.com
FBI Alarmed as Ransomware Strikes 300 Victims, Critical Sectors Under Siege - There was an advisory published late on Monday about the Play ransomware gang that was put out by the Federal Bureau of Investigation together with the US Cybersecurity and Infrastructure Security Agency and the Australian Cyber Security Centre. The ...
6 months ago Cysecurity.news
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
5 months ago Securityboulevard.com
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
1 month ago Bleepingcomputer.com
US Congress Report Calls for Privacy Reforms After FBI Surveillance 'Abuses' - The FBI and the Biden administration at large have lobbied Congress to reauthorize the 702 program as is, ignoring calls for reform that have grown louder since the beginning of the year, manifesting this month in the form of a comprehensive privacy ...
7 months ago Wired.com
FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
6 months ago Bleepingcomputer.com
Play Ransomware Has Hit 300 Entities Worldwide: FBI - The Play ransomware group, which was behind such high-profile attacks as those on the city of Oakland, California, and Dallas County, Texas, is behind at least 300 similar cyber-incidents since June 2022, according to government cybersecurity ...
6 months ago Securityboulevard.com
FBI: Royal ransomware asked 350 victims to pay $275 million - The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022. In an update to the original advisory published in March with additional information ...
7 months ago Bleepingcomputer.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
3 months ago Bleepingcomputer.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
6 months ago Feeds.fortinet.com
The Limitations of Google Play Integrity API - This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. Google provides app attestation ...
6 months ago Securityboulevard.com
BlackCat Ransomware Raises Ante After FBI Disruption - The U.S. Federal Bureau of Investigation disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released ...
6 months ago Krebsonsecurity.com
US offers $10 million for tips on Hive ransomware leadership - The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. The FBI says this ransomware group had extorted roughly $100 million from over 1,300 ...
4 months ago Bleepingcomputer.com
CISA: Black Basta ransomware breached over 500 orgs worldwide - CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. In a joint report published in collaboration with the Department of Health and Human Services and the Multi-State ...
1 month ago Bleepingcomputer.com
Play Ransomware Infected Over 300 Organizations Worldwide - The Play ransomware group, also going by the name Playcrypt, has been affecting several kinds of North American, South American, and European enterprises as well as vital infrastructure since June 2022. The FBI learned of about 300 impacted companies ...
6 months ago Cybersecuritynews.com
FBI and CISA warn of opportunistic Rhysida ransomware attacks - The FBI and CISA warned today of Rhysida ransomware gang's opportunistic attacks targeting organizations across multiple industry sectors. Rhysida, a ransomware enterprise that surfaced in May 2023, quickly gained notoriety after breaching the ...
7 months ago Bleepingcomputer.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
3 months ago Feeds.fortinet.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
5 months ago Feeds.fortinet.com
CVE-2019-10923 - A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet ...
1 year ago
CVE-2019-13940 - A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)