Play (also Play Ransomware or PlayCrypt) is a hacker group responsible for ransomware extortion attacks on companies and governmental institutions. The group emerged in 2022 and attacked targets in the United States, [1] Brazil, [2] Argentina, [2] Germany, [3] Belgium [3] and Switzerland. [4]
Security experts suspect that the group has links to Russia, since the encryption techniques used are similar to those used by other russian-linked ransomware groups such as Hive and Nokoyawa. [5]
The name "play" comes from the ".play" file extension that the group uses to encrypt their victims' data, leaving a message containing the word "PLAY" and an email address. [2]
In 2022, Play carried out a major attack on the Argentine judiciary of Córdoba. [6]
In 2023, Play carried out a wave of attacks on Switzerland. At the end of March, the newspaper Neue Zürcher Zeitung was attacked, leading to the penetration of the systems of its service provider, CH-Media. [7] This enabled Play to extract the addresses of over 400,000 Swiss citizens living abroad who had subscribed to the official newspaper for Swiss expatriates, Schweizer Revue . [8] In the same month, a Valais community fell victim. [9] In May/June there was a massive hacker attack on an IT service provider of the Federal administration of Switzerland and confidential data, including financial data and tax information, was stolen for extortion. Various state-owned companies were affected. [10]
Play (also Play Ransomware or PlayCrypt) is a hacker group responsible for ransomware extortion attacks on companies and governmental institutions. The group emerged in 2022 and attacked targets in the United States, [1] Brazil, [2] Argentina, [2] Germany, [3] Belgium [3] and Switzerland. [4]
Security experts suspect that the group has links to Russia, since the encryption techniques used are similar to those used by other russian-linked ransomware groups such as Hive and Nokoyawa. [5]
The name "play" comes from the ".play" file extension that the group uses to encrypt their victims' data, leaving a message containing the word "PLAY" and an email address. [2]
In 2022, Play carried out a major attack on the Argentine judiciary of Córdoba. [6]
In 2023, Play carried out a wave of attacks on Switzerland. At the end of March, the newspaper Neue Zürcher Zeitung was attacked, leading to the penetration of the systems of its service provider, CH-Media. [7] This enabled Play to extract the addresses of over 400,000 Swiss citizens living abroad who had subscribed to the official newspaper for Swiss expatriates, Schweizer Revue . [8] In the same month, a Valais community fell victim. [9] In May/June there was a massive hacker attack on an IT service provider of the Federal administration of Switzerland and confidential data, including financial data and tax information, was stolen for extortion. Various state-owned companies were affected. [10]