
Play ransomware alert: 300 entities affected, including critical infrastructure

The modus operandi of the Play cybercriminal group and advice for countering its attacks

The FBI, CISA and ASD's ACSC warn against the activities of the Play ransomware cybercriminal group, responsible for cyber breaches globally. The group uses data stolen before the attack as a threat to demand ransom. Agencies recommend implementing multi-factor authentication, software updates, and recovery plans to mitigate risk.


The Federal Bureau of Investigation (FBI), together with the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), has issued a warning regarding the activity of the cybercriminal group known as Play ransomware. The group was responsible for cyber breaches against approximately 300 organizations globally between June 2022 and October 2023, including critical infrastructure entities. Since its debut in June 2022, the group has followed a non-standard approach to post-intrusion communication, preferring email over the anonymized Tor negotiation pages used by most ransomware operations.

Play operating modes and objectives

The group steals sensitive documents from compromised computer systems before launching the ransomware, then uses that data as leverage to force victims to pay by threatening to publish it online. Among the tools it uses is one dedicated to copying Volume Shadow Copies, which allows files to be exfiltrated even when they are locked at the operating-system level. Recent notable victims include the city of Oakland in California, the car dealership chain Arnold Clark, the cloud computing firm Rackspace and the Belgian city of Antwerp.

How to defend yourself from Play

The agencies advise organizations to consider specific defensive strategies, starting with the remediation of known and frequently exploited vulnerabilities, to reduce the probability of falling victim to attacks orchestrated by Play ransomware. Adopting multi-factor authentication (MFA) is also essential, particularly for critical services such as webmail, VPNs and privileged accounts, along with regular software updates and a proactive vulnerability assessment strategy.

Mitigation measures and security updates

Additional measures to reduce the likelihood of an attack and limit its consequences include maintaining offline backups of data, implementing recovery plans and systematically updating operating systems, software and firmware. The FBI, CISA and ASD's ACSC urge organizations to apply the recommendations in the mitigations section of their joint advisory in order to strengthen the resilience of information infrastructures against ransomware incidents.


12/18/2023 19:47

Editorial AI
