Play (hacker group)
Play (also Play Ransomware or PlayCrypt) is a hacker group responsible for ransomware extortion attacks on companies and governmental institutions. The group emerged in 2022 and attacked targets in the United States,[1] Brazil,[2] Argentina,[2] Germany,[3] Belgium[3] and Switzerland.[4]
Security experts suspect that the group has links to Russia, since the encryption techniques used are similar to those used by other russian-linked ransomware groups such as Hive and Nokoyawa.[5]
The name "play" comes from the ".play" file extension that the group uses to encrypt their victims' data, leaving a message containing the word "PLAY" and an email address.[2]
History
In 2022, Play carried out a major attack on the Argentine judiciary of Córdoba.[6]
In 2023, Play carried out a wave of attacks on Switzerland. At the end of March, the newspaper Neue Zürcher Zeitung was attacked, leading to the penetration of the systems of its service provider, CH-Media.[7] This enabled Play to extract the addresses of over 400,000 Swiss citizens living abroad who had subscribed to the official newspaper for Swiss expatriates, Schweizer Revue.[8] In the same month, a Valais community fell victim.[9] In May/June there was a massive hacker attack on an IT service provider of the Federal administration of Switzerland and confidential data, including financial data and tax information, was stolen for extortion. Various state-owned companies were affected.[10]
References
- Kovacs, Eduard (2023-01-05). "Play Ransomware Group Used New Exploitation Method in Rackspace Attack". securityweek. SecurityWeek. Retrieved 2023-06-17.
- "Ransomware group behind Oakland attack strengthens capabilities with new tools, researchers say". cyberscoop.com. Cyberscoop. 2023-04-19. Retrieved 2023-06-17.
- Gatlan, Sergiu (2023-01-04). "Rackspace confirms Play ransomware was behind recent cyberattack". bleepingcomputer.com. Bleeping Computer. Retrieved 2023-06-17.
- "Hacker group publishes stolen Swiss media data". swissinfo.ch. Swissinfo. 2023-05-11. Retrieved 2023-06-17.
- Poireault, Kevin (2023-06-11). "Swiss Government Targeted by Series of Cyber-Attacks". infosecurity-magazine.com. Infosecurity Magazine. Retrieved 2023-06-17.
- Kovacs, Eduard (2022-09-01). "Ransomware Attacks Target Government Agencies in Latin America". securityweek.com. Securityweek. Retrieved 2023-06-17.
- Altwegg, Jürg (2023-04-18). "Böses Spiel mit der NZZ". faz.net. Frankfurter Allgemeine Zeitung. Retrieved 2023-06-17.
- Rigendinger, Balz (2023-06-27). "Leck von Bundesdaten: Bis zu 425'000 Auslandschweizer:innen betroffen". SWI Swissinfo.ch (in German). Retrieved 2023-06-28.
- "Update: Ransomware-Bande Play gewährt Walliser Gemeinde mehr Zeit". netzwoche.ch. Netzwoche. 2023-05-11. Retrieved 2023-06-17.
- "Das Ausmass des Hacks gegen einen Dienstleister der Bundesverwaltung ist gewaltiger als angenommen". nzz.ch. Neue Zürcher Zeitung. 2023-06-15. Retrieved 2023-06-17.