Brother
Professional
Hackers have shaken up American cities and international companies.
The Play group, responsible for a number of devastating attacks on major American cities, has made more than 300 successful hacks since June 2022. This is reported by the FBI, cybersecurity agencies in the United States and Australia in a joint warning about the group's activities.
This year, the group "visited" the cities of Oakland, Lowell and Dallas, which for several days struggled with encrypted devices and stolen data of citizens. The city of Oakland even had to declare a state of emergency in the city. Swiss government agencies also suffered data theft during an attack on one of their IT providers.
According to the agencies, the group has attacked a wide range of businesses and critical infrastructure in the Americas, as well as in Europe, over the past 1.5 years. The FBI is aware of approximately 300 victims as of October 2023. In Australia, the first incident involving the Play group was noticed in April, the last in November.
The group operates more cautiously than other cybercriminals. In most cases, Play does not include its demands in the ransom note, but instead asks victims to contact the ransomware via an email ending with @gmx [.] de.
Given the statements on the group's data leak site, experts noted that Play is supposedly a closed group created in order to "guarantee the secrecy of transactions." Ransomware uses a double ransomware model, encrypting systems after data theft.
Typically, the group uses stolen credentials and public applications to target vulnerabilities in popular products, such as FortiOS CVE-2018-13379 and CVE-2020-12812, as well as ProxyNotShell vulnerabilities in Microsoft tools.
Attackers use various tools to steal information, as well as to scan and disable antivirus software. After splitting the compromised data into smaller parts and transferring them to accounts managed by hackers, the group usually adds an extension .access to file names.
Ransoms are paid in cryptocurrency to wallet addresses provided by hackers. If the victim refuses to pay the ransom, the attackers threaten to publish the stolen data on their Tor leak site.
When the Play group first appeared in mid-2022, it targeted government agencies in Latin America. The group recently gained attention for a devastating attack on the city of Oakland, which has spent weeks recovering from the incident. And cloud provider Rackspace Technology Inc. spent $10.8 million to fix the consequences of a large-scale cyber attack on Google.
In March, Play released 10 GB of Oakland government data after the city refused to pay a ransom. The leak included sensitive data stolen from the city's police department, driver's license numbers, social security numbers, and even information about the city's elected officials.