Play ransomware has compromised 300 organisations

According to the FBI, CISA and the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), the Play ransomware gang breached about 300 organisations worldwide from June 2022 to October 2023. Although this number is large, what is more worrying is that some of the victims are organisations related to critical infrastructure.

Play ransomware

“Since June 2022, the Play ransomware group (also known as Playcrypt) has affected a wide range of businesses and critical infrastructure in North America, South America and Europe,” warned the three government agencies.

The Play ransomware first appeared in June 2022, with some victims asking for help on the BleepingComputer forums.

Unlike typical ransomware operations, Play ransomware affiliates ask victims to communicate via email to negotiate the ransom. However, before deploying the ransomware, the attackers steal sensitive documents from the compromised systems, which they then use to pressure victims into paying a ransom under threat of having the data leaked. This is a tactic used by most ransomware gangs in recent years.

The gang also uses a custom VSS copying tool that helps it steal files from volume shadow copies even when those files are in use by applications.

Some of the most recent and major victims of Play ransomware are: the City of Oakland in California, Arnold Clark, Rackspace and the Belgian city of Antwerp.

The FBI, CISA and ASD's ACSC are calling on organisations to prioritize remediation of known vulnerabilities to reduce the likelihood of their being used in Play ransomware attacks.

In addition, network defenders should implement multi-factor authentication (MFA) across all services, focusing on webmail, VPN and accounts with access to critical systems.

Regular updates to software and applications and routine vulnerability assessments should be part of the standard security practices of all organisations.

The three government agencies also recommend the following:

  • Requiring multi-factor authentication where possible
  • Maintaining offline backups of important data
  • Implementing a recovery plan
  • Updating all operating systems, software and firmware

Effects of a ransomware attack

A ransomware attack has many consequences for victims. One of the main ones is the loss of personal data. Users infected by ransomware usually lose personal information such as files, photos and other important data. And as noted above, the attackers not only steal it, but also threaten to leak it if they don't receive a ransom.

Another impact is the possible disruption of system operations. Infected users are unable to access the files and applications they need for their work. This can lead to significant productivity disruption and cause financial losses for affected businesses and organizations.

Finally, ransomware causes significant economic losses, since victims are sometimes forced to pay the ransom, while they also need to invest in new security systems and restore compromised systems.

Source: www.bleepingcomputer.com

Digital Fortress