The FBI disclosed that nearly 900 organizations were compromised in the rising tide of Play ransomware attacks.
In a new joint cybersecurity advisory issued with its Australian partners, the FBI disclosed that the Play ransomware group has compromised some 900 organizations since May.
The figure tripled from the late 2023 report of 300, illustrating the group’s rapid expansion of targeting capabilities and exploitation of new vulnerabilities.
Active since mid-2022, the Play group, also known as Playcrypt, has orchestrated attacks across North and South America, as well as Europe. The victims span a broad spectrum, ranging from public sector agencies to multinational companies, including areas of critical infrastructure.
What sets Play apart is its strategic use of custom-coded malware for each breach. This constant retooling and custom tailoring of attacks boosts the gang’s proficiency by helping it evade detection.
In some instances, the group has escalated pressure tactics by calling victims directly, demanding ransom to refrain from leaking data.
Affiliates of the notorious cybercrime syndicate have also exploited several newly identified vulnerabilities in remote monitoring and management software, using them as entry points for deeper system compromises. In one case, attackers backdoored systems and deployed Sliver beacons, potentially laying the groundwork for future ransomware deployments.
Unlike many of its counterparts, Play forgoes Dark Web negotiation portals in favor of direct email communication.
The gang’s modus operandi includes exfiltrating sensitive data, leveraging it for extortion, and using a proprietary tool to bypass shadow copy protections during data thefts.
High-profile victims of the group include the City of Oakland, Krispy Kreme, and Dallas County.
Although good cyber hygiene and an understanding of ransomware groups are crucial in shielding against them, specialized tools can further enhance your defenses.
Bitdefender Ultimate Security can help you thwart ransomware, viruses, Trojans, zero-day exploits, spyware, rootkits, and other digital intrusions.
Its key features include multi-layer ransomware protection, complete real-time data protection, cryptomining protection, behavioral detection for active apps, and AI-powered scam detection.
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.