
Play ransomware alert: 300 entities affected, including critical infrastructure

The modus operandi of the Play cybercriminal group and advice for countering its attacks

The FBI, CISA and ASD's ACSC warn against the activities of the Play ransomware cybercriminal group, responsible for cyber breaches globally. The group uses data stolen before the attack as a threat to demand ransom. Agencies recommend implementing multi-factor authentication, software updates, and recovery plans to mitigate risk.


The Federal Bureau of Investigation (FBI), together with the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), has issued a warning regarding the activity of the cybercriminal group known as Play ransomware. The group was responsible for breaches of approximately 300 organizations worldwide between June 2022 and October 2023, including critical infrastructure entities. Since their debut in June 2022, the threat actors have used a post-intrusion communication method that departs from the usual pattern, preferring email over anonymized Tor pages for ransom negotiation.

Play operating modes and objectives

This criminal group steals sensitive documents from compromised computer systems before deploying the ransomware, then uses that data as leverage, threatening to publish it online unless the victim pays. Among the tools used, one is dedicated to copying files out of volume shadow copies, which allows theft of files even when the operating system holds locks on the live copies. Recent notable victims include the city of Oakland in California, car dealership chain Arnold Clark, cloud computing firm Rackspace and the Belgian city of Antwerp.
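As an added illustration of the shadow-copy point above (this is example code written for this page, not a tool from the advisory or from the Play operators), the script below runs simple detection logic over a few constructed process-creation log lines. The one-line `key=value|key=value` event format, the host and user names, and the sample command lines are all hypothetical; the command-line patterns it looks for (vssadmin, wmic shadowcopy, diskshadow, esentutl with /vss, and the HarddiskVolumeShadowCopy device path) are the standard ways a process reads from Volume Shadow Copies on Windows, so they are the places a defender would look for file access that sidesteps OS-level locks.

```python
"""Flag process-creation events that read from Volume Shadow Copies.

Added example (not from the advisory). The log layout is a hypothetical
one-event-per-line format: fields separated by '|', each as key=value.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Command-line fragments that interact with Volume Shadow Copies. A file read
# through a shadow copy is not subject to the sharing locks held on the live
# file, which is the behaviour the advisory describes.
SHADOW_COPY_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+(create|list)\s+shadow", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy", re.I),
    re.compile(r"diskshadow(\.exe)?", re.I),
    re.compile(r"esentutl(\.exe)?\s.*/vss", re.I),
    re.compile(r"HarddiskVolumeShadowCopy\d+", re.I),
]

# Constructed sample events. Only ProcessCreate records carry a command line
# worth inspecting; the NetworkConnect record is there to show it is skipped.
SAMPLE_EVENTS = [
    "EventType=ProcessCreate|Host=FS01|User=CORP\\svc_backup"
    "|CommandLine=vssadmin.exe create shadow /for=C:",
    "EventType=ProcessCreate|Host=WS07|User=CORP\\alice"
    "|CommandLine=notepad.exe C:\\Users\\alice\\notes.txt",
    "EventType=ProcessCreate|Host=DC01|User=CORP\\jdoe"
    "|CommandLine=cmd.exe /c copy \\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy1"
    "\\Data\\ledger.db D:\\stage\\ledger.db",
    "EventType=NetworkConnect|Host=DC01|User=CORP\\jdoe"
    "|CommandLine=vssadmin.exe list shadows",
]


@dataclass
class Finding:
    host: str
    user: str
    command: str
    rule: str


def parse_event(line: str) -> dict:
    """Split 'k=v|k=v' into a dict; only the first '=' in each field separates key from value."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def scan_events(lines: Iterable[str], allowlisted_users: frozenset = frozenset()) -> List[Finding]:
    """Return one Finding per ProcessCreate event whose command line touches a shadow copy.

    allowlisted_users lets a known backup service account be excluded, since
    legitimate backup software creates and reads shadow copies as a matter of course.
    """
    findings: List[Finding] = []
    for line in lines:
        event = parse_event(line)
        if event.get("EventType") != "ProcessCreate":
            continue
        user = event.get("User", "?")
        if user in allowlisted_users:
            continue
        command = event.get("CommandLine", "")
        for pattern in SHADOW_COPY_PATTERNS:
            if pattern.search(command):
                findings.append(Finding(event.get("Host", "?"), user, command, pattern.pattern))
                break  # one finding per event is enough
    return findings


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS, allowlisted_users=frozenset({"CORP\\svc_backup"})):
        print(f"{f.host} {f.user}: {f.command}  [matched {f.rule}]")
```

Run as-is, the script reports only the DC01 event, because the FS01 event comes from the allowlisted backup account; without the allowlist it reports both. In practice the allowlist should be narrow (service account plus expected parent process), since an attacker who takes over the backup account would otherwise be invisible to this rule.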

How to defend yourself from Play

The agencies involved advise organizations to consider implementing specific defensive measures, starting with remediating known and frequently exploited vulnerabilities, to reduce the likelihood of falling victim to attacks orchestrated by Play ransomware. Adopting multi-factor authentication (MFA) is also essential, particularly for critical services such as webmail, VPNs and privileged accounts, along with regular software updates and a proactive vulnerability assessment strategy.

Mitigation measures and security updates

Additional measures that reduce the likelihood of an attack and limit its consequences include maintaining offline data backups, implementing recovery plans and systematically updating operating systems, software and firmware. The FBI, CISA and ASD's ACSC urge organizations to implement the recommendations in the mitigations section of their joint advisory, in order to strengthen the resilience of information infrastructures against ransomware incidents.


12/18/2023 19:47

Marco Verro
