CyberSecurityBoard
Sponsor Register Login

FBI: Play ransomware gang has attacked 300 orgs since 2022

The ransomware gang behind several devastating attacks on major American cities has allegedly launched more than 300 successful incidents since June 2022, according to cybersecurity officials in the United States and Australia.
The FBI joined the Cybersecurity and Infrastructure Security Agency and the Australian Cyber Security Centre in publishing an advisory about the Play ransomware gang on Monday.
This year alone, the group left cities like Oakland and Lowell, Massachusetts, as well as Dallas County, scrambling for days to deal with encrypted devices and troves of stolen citizen data.
The government of Switzerland also warned in June that the group had stolen data during an attack on one of its IT providers.
In Australia, the first incident involving the group was observed in April, with the most recent in November.
According to the notice, the group operates with more discretion than some of its competitors.
In most cases, the gang does not include its demands in the ransom note, instead asking victims to contact them through email.
The gang typically exploits stolen account credentials and public-facing applications - targeting vulnerabilities in popular products like the FortiOS vulnerabilities CVE-2018-13379 and CVE-2020-12812, as well as ProxyNotShell vulnerabilities in Microsoft tools.
The hackers use a variety of tools to steal information and to scan for and disable anti-virus software.
Play extension to filenames after splitting compromised data into smaller portions and exfiltrating it to hacker-controlled accounts.
When the Play group first emerged in mid-2022, it targeted government entities in Latin America, according to Trend Micro.
In April, the gang published 600 gigabytes of Oakland government data after releasing an initial batch of 10GB in March.
The leaks included troves of sensitive data stolen from the city's police department, driver's license numbers, Social Security numbers and even information on the city's elected officials.
Jonathan has worked across the globe as a journalist since 2014.
Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.
He previously covered cybersecurity at ZDNet and TechRepublic.


This Cyber News was published on therecord.media. Publication date: Mon, 18 Dec 2023 21:40:10 +0000


Cyber News related to FBI: Play ransomware gang has attacked 300 orgs since 2022

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
1 month ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
1 week ago Cybersecuritynews.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com LockBit Akira Noescape
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
1 year ago Bleepingcomputer.com LockBit Noescape
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
How the FBI seized BlackCat ransomware's servers - An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware ...
1 year ago Bleepingcomputer.com LockBit Noescape
FBI Alarmed as Ransomware Strikes 300 Victims, Critical Sectors Under Siege - There was an advisory published late on Monday about the Play ransomware gang that was put out by the Federal Bureau of Investigation together with the US Cybersecurity and Infrastructure Security Agency and the Australian Cyber Security Centre. The ...
1 year ago Cysecurity.news CVE-2022-41040 CVE-2022-40802
FBI: Royal ransomware asked 350 victims to pay $275 million - The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022. In an update to the original advisory published in March with additional information ...
1 year ago Bleepingcomputer.com Blacksuit
FBI: Play ransomware breached 300 victims, including critical orgs - The Federal Bureau of Investigation says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities. The warning comes as a joint advisory issued in ...
1 year ago Bleepingcomputer.com Rhysida
How the FBI Infiltrated the Hive Ransomware Gang Systems - The FBI has recently infiltrated the systems of the Hive ransomware gang, one of the most sophisticated and successful global cybercrime gangs. This infiltration is a major victory for the FBI in its fight against ransomware, cybercrime, and other ...
2 years ago Bleepingcomputer.com
FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
1 year ago Bleepingcomputer.com LockBit Noescape
US Congress Report Calls for Privacy Reforms After FBI Surveillance 'Abuses' - The FBI and the Biden administration at large have lobbied Congress to reauthorize the 702 program as is, ignoring calls for reform that have grown louder since the beginning of the year, manifesting this month in the form of a comprehensive privacy ...
1 year ago Wired.com
FBI: Play ransomware gang has attacked 300 orgs since 2022 - The ransomware gang behind several devastating attacks on major American cities has allegedly launched more than 300 successful incidents since June 2022, according to cybersecurity officials in the United States and Australia. The FBI joined the ...
1 year ago Therecord.media CVE-2018-13379 CVE-2020-12812
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
1 year ago Bleepingcomputer.com Medusa Cuba STORMOUS
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
10 months ago Bleepingcomputer.com LockBit Inc ransom Black Basta
Play Ransomware Has Hit 300 Entities Worldwide: FBI - The Play ransomware group, which was behind such high-profile attacks as those on the city of Oakland, California, and Dallas County, Texas, is behind at least 300 similar cyber-incidents since June 2022, according to government cybersecurity ...
1 year ago Securityboulevard.com CVE-2022-41040 CVE-2022-41082
300 Strikes: Fort Worth's Battle Against the Medusa Gang - In the wake of a cyberattack on Tarrant County Appraisal District in March, the Medusa ransomware gang has claimed responsibility for the hack and has threatened the public with the threat of leaking 218 GB of the stolen data unless the ransom of ...
1 year ago Cysecurity.news Medusa
The Limitations of Google Play Integrity API - This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. Google provides app attestation ...
1 year ago Securityboulevard.com
French police arrests Russian suspect linked to Hive ransomware - French authorities arrested a Russian national in Paris for allegedly helping the Hive ransomware gang with laundering their victims' ransom payments. The suspect was apprehended after the French Anti-Cybercrime Office linked him to digital wallets ...
1 year ago Bleepingcomputer.com Hunters
US offers $10 million for tips on Hive ransomware leadership - The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. The FBI says this ransomware group had extorted roughly $100 million from over 1,300 ...
1 year ago Bleepingcomputer.com
BlackCat Ransomware Raises Ante After FBI Disruption - The U.S. Federal Bureau of Investigation disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released ...
1 year ago Krebsonsecurity.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
Play Ransomware Infected Over 300 Organizations Worldwide - The Play ransomware group, also going by the name Playcrypt, has been affecting several kinds of North American, South American, and European enterprises as well as vital infrastructure since June 2022. The FBI learned of about 300 impacted companies ...
1 year ago Cybersecuritynews.com
New Hunters International ransomware possible rebrand of Hive - A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag. This theory is supported by ...
1 year ago Bleepingcomputer.com Hunters

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)