Play (hacker group)

Play (also Play Ransomware or PlayCrypt) is a hacker group responsible for ransomware extortion attacks on companies and governmental institutions. The group emerged in 2022 and attacked targets in the United States,[1] Brazil,[2] Argentina,[2] Germany,[3] Belgium[3] and Switzerland.[4]

Security experts suspect that the group has links to Russia, since the encryption techniques used are similar to those used by other russian-linked ransomware groups such as Hive and Nokoyawa.[5]

The name "play" comes from the ".play" file extension that the group uses to encrypt their victims' data, leaving a message containing the word "PLAY" and an email address.[2]

History

In 2022, Play carried out a major attack on the Argentine judiciary of Córdoba.[6]

In 2023, Play carried out a wave of attacks on Switzerland. At the end of March, the newspaper Neue Zürcher Zeitung was attacked, leading to the penetration of the systems of its service provider, CH-Media.[7] This enabled Play to extract the addresses of over 400,000 Swiss citizens living abroad who had subscribed to the official newspaper for Swiss expatriates, Schweizer Revue [de].[8] In the same month, a Valais community fell victim.[9] In May/June, there was a massive hacker attack on an IT service provider of the Federal administration of Switzerland and confidential data, including financial data and tax information, was stolen for extortion. Various state-owned companies were affected.[10]

References

  1. ^ Kovacs, Eduard (2023-01-05). "Play Ransomware Group Used New Exploitation Method in Rackspace Attack". securityweek. Retrieved 2023-06-17.
  2. ^ a b c "Ransomware group behind Oakland attack strengthens capabilities with new tools, researchers say". cyberscoop.com. Cyberscoop. 2023-04-19. Retrieved 2023-06-17.
  3. ^ a b Gatlan, Sergiu (2023-01-04). "Rackspace confirms Play ransomware was behind recent cyberattack". bleepingcomputer.com. Bleeping Computer. Retrieved 2023-06-17.
  4. ^ "Hacker group publishes stolen Swiss media data". swissinfo.ch. Swissinfo. 2023-05-11. Retrieved 2023-06-17.
  5. ^ Poireault, Kevin (2023-06-11). "Swiss Government Targeted by Series of Cyber-Attacks". infosecurity-magazine.com. Infosecurity Magazine. Retrieved 2023-06-17.
  6. ^ Kovacs, Eduard (2022-09-01). "Ransomware Attacks Target Government Agencies in Latin America". securityweek.com. Securityweek. Retrieved 2023-06-17.
  7. ^ Altwegg, Jürg (2023-04-18). "Böses Spiel mit der NZZ". faz.net. Frankfurter Allgemeine Zeitung. Retrieved 2023-06-17.
  8. ^ Rigendinger, Balz (2023-06-27). "Leck von Bundesdaten: Bis zu 425'000 Auslandschweizer:innen betroffen". SWI Swissinfo.ch (in German). Retrieved 2023-06-28.
  9. ^ "Update: Ransomware-Bande Play gewährt Walliser Gemeinde mehr Zeit". netzwoche.ch. Netzwoche. 2023-05-11. Retrieved 2023-06-17.
  10. ^ Eberhart, Jessica (2023-06-15). "Das Ausmass des Hacks gegen einen Dienstleister der Bundesverwaltung ist gewaltiger als angenommen". Neue Zürcher Zeitung. Retrieved 2023-06-17.