Play (hacker group)

Play (also Play Ransomware or PlayCrypt) is a hacker group responsible for ransomware extortion attacks on companies and governmental institutions. The group emerged in 2022 and attacked targets in the United States,[1] Brazil,[2] Argentina,[2] Germany,[3] Belgium[3] and Switzerland.[4]

Security experts suspect that the group has links to Russia, since the encryption techniques it uses are similar to those used by other Russian-linked ransomware groups such as Hive and Nokoyawa.[5]

The name "Play" comes from the ".play" file extension that the group uses when encrypting its victims' data, leaving behind a message containing the word "PLAY" and an email address.[2]

  1. Kovacs, Eduard (2023-01-05). "Play Ransomware Group Used New Exploitation Method in Rackspace Attack". securityweek. Retrieved 2023-06-17.
  2. "Ransomware group behind Oakland attack strengthens capabilities with new tools, researchers say". cyberscoop.com. Cyberscoop. 2023-04-19. Retrieved 2023-06-17.
  3. Gatlan, Sergiu (2023-01-04). "Rackspace confirms Play ransomware was behind recent cyberattack". bleepingcomputer.com. Bleeping Computer. Retrieved 2023-06-17.
  4. "Hacker group publishes stolen Swiss media data". swissinfo.ch. Swissinfo. 2023-05-11. Retrieved 2023-06-17.
  5. Poireault, Kevin (2023-06-11). "Swiss Government Targeted by Series of Cyber-Attacks". infosecurity-magazine.com. Infosecurity Magazine. Retrieved 2023-06-17.