Play Ransomware Infected Over 300 Organizations Worldwide

The Play ransomware group, also going by the name Playcrypt, has been affecting several kinds of North American, South American, and European enterprises as well as vital infrastructure since June 2022.
The FBI learned of about 300 impacted companies as of October 2023 that the ransomware attackers allegedly took advantage of.
The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, and the Australian Signals Directorate's Australian Cyber Security Centre issued a joint advisory to disseminate IOCs and TTPs discovered as recently as October 2023 by the Play ransomware group.
The Play ransomware incident was initially noted in Australia in April 2023, and it was most recently detected in November 2023.
The threat actors using play ransomware utilize a double-extortion strategy, first gaining access to computers and then encrypting data.
The initial ransom demand and payment instructions are not included in ransom notes; instead, victims are told to email the threat actors.
By abusing legitimate accounts and taking advantage of public-facing applications, the Play ransomware group first gains access to victim networks.
Specifically, this is accomplished through known vulnerabilities in Microsoft Exchange and FortiOS. It has been noted that most ransomware actors initially gain access through external-facing services like Virtual Private Networks and Remote Desktop Protocol.
Actors in play ransomware employ tools such as AdFind to execute Active Directory queries and Grixba, an information-stealer, to enumerate network information and scan for anti-virus software.
Actors utilize tools like GMER, IOBit, and PowerTool to remove log files and disable antivirus software.
Prioritize remediating known exploited vulnerabilities.
Enable multifactor authentication for all services to the extent possible, particularly for webmail, VPN, and accounts that access critical systems.
Regularly patch and update software and applications to their latest versions and conduct regular vulnerability assessments.
To mitigate the possibility and effect of ransomware outbreaks, companies are encouraged by the FBI, CISA, and ASD's ACSC to implement the recommendations provided in the Mitigations.


This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 19 Dec 2023 14:15:12 +0000


Cyber News related to Play Ransomware Infected Over 300 Organizations Worldwide

The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
11 months ago Bleepingcomputer.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
11 months ago Securityboulevard.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
FBI Alarmed as Ransomware Strikes 300 Victims, Critical Sectors Under Siege - There was an advisory published late on Monday about the Play ransomware gang that was put out by the Federal Bureau of Investigation together with the US Cybersecurity and Infrastructure Security Agency and the Australian Cyber Security Centre. The ...
1 year ago Cysecurity.news
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
1 year ago Bleepingcomputer.com
The Limitations of Google Play Integrity API - This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. Google provides app attestation ...
1 year ago Securityboulevard.com
Play Ransomware Has Hit 300 Entities Worldwide: FBI - The Play ransomware group, which was behind such high-profile attacks as those on the city of Oakland, California, and Dallas County, Texas, is behind at least 300 similar cyber-incidents since June 2022, according to government cybersecurity ...
1 year ago Securityboulevard.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
11 months ago Unit42.paloaltonetworks.com
Play Ransomware Infected Over 300 Organizations Worldwide - The Play ransomware group, also going by the name Playcrypt, has been affecting several kinds of North American, South American, and European enterprises as well as vital infrastructure since June 2022. The FBI learned of about 300 impacted companies ...
1 year ago Cybersecuritynews.com
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
7 months ago Bleepingcomputer.com
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
11 months ago Blog.checkpoint.com
CVE-2019-10923 - A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet ...
1 year ago
CVE-2019-13940 - A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET ...
1 year ago
CVE-2019-10936 - A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet ...
1 year ago
CVE-2022-25622 - A vulnerability has been identified in SIMATIC CFU DIQ, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F ...
1 year ago
CVE-2019-19300 - A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), ...
1 year ago
CVE-2018-4843 - A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU ...
1 year ago
FBI: Play ransomware breached 300 victims, including critical orgs - The Federal Bureau of Investigation says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities. The warning comes as a joint advisory issued in ...
1 year ago Bleepingcomputer.com
Best Ransomware Protection Practices for Midsize Organizations - Ransomware Protection has emerged as a crucial step in cybersecurity since ransomware attacks have become a major threat to businesses of all sizes, including midsize organizations. Ransomware attacks can be delivered via email attachments or links, ...
11 months ago Securityboulevard.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
11 months ago Feeds.fortinet.com
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
10 months ago Malwarebytes.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
9 months ago Feeds.fortinet.com
VX-Underground malware collective framed by Phobos ransomware - A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. Phobos launched in 2018 in what is believed to be a ransomware-as-a-service derived from the ...
1 year ago Bleepingcomputer.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
10 months ago Feeds.fortinet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)