CISA Advisory

Play Ransomware Technical Details

AA23-347A • Published December 13, 2023

Severity: high

Play ransomware has attacked over 300 organizations by exploiting vulnerabilities in Fortinet FortiOS firewalls and Microsoft Exchange email servers. Play operates as a closed group and does not rent its tooling to outside affiliates.

Overview

This advisory covers the Play ransomware group, which has impacted over 300 organizations globally. Play uses a closed affiliate model and exploits FortiOS and Microsoft Exchange vulnerabilities.

Who Is At Risk

  • Organizations using FortiOS
  • Organizations using Microsoft Exchange
  • Latin American organizations
  • North American organizations
  • Government agencies

Affected Products

FortiOS, Microsoft Exchange Server, Microsoft RDP

Immediate Actions

  1. Patch FortiOS to the latest version
  2. Update Microsoft Exchange
  3. Implement LAPS (Local Administrator Password Solution) to manage local administrator passwords
  4. Restrict PsExec usage
  5. Monitor for SystemBC indicators
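Actions 4 and 5 are monitoring tasks, and the advisory gives no detection logic for them. As an added example that is not part of the CISA advisory, the PowerShell below checks a Windows host for the Service Control Manager event 7045 (new service installed) that a default PsExec run leaves behind when it installs its PSEXESVC service; the `-Days` window and the output object layout are choices made here, not anything the advisory specifies.

```powershell
# Added example (not from the advisory): flag service-install events that look like PsExec.
# Event 7045 in the System log records every newly installed service, with
# ServiceName, ImagePath, ServiceType, StartType and AccountName in its EventData.
param(
    [int]$Days = 7   # look-back window; assumption made for this example
)

$since = (Get-Date).AddDays(-$Days)

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Id        = 7045
    StartTime = $since
} -ErrorAction SilentlyContinue

foreach ($e in $events) {
    # Pull the named EventData fields out of the event XML.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $svcName = $data['ServiceName']
    $imgPath = $data['ImagePath']

    # Default PsExec installs a service named PSEXESVC with binary %SystemRoot%\PSEXESVC.exe.
    # A renamed PsExec copy will not match this string test, so a miss is not proof of absence;
    # review all unexpected 7045 events, not only the ones flagged here.
    if ($svcName -match 'PSEXESVC' -or $imgPath -match 'PSEXESVC') {
        [pscustomobject]@{
            Time        = $e.TimeCreated
            Computer    = $e.MachineName
            ServiceName = $svcName
            ImagePath   = $imgPath
            StartType   = $data['StartType']
            Account     = $data['AccountName']
        }
    }
}
```

Run it with an elevated prompt on the host, or point the same 7045 filter at a forwarded-events collector to cover the whole estate; pair the result with a list of hosts where PsExec is actually sanctioned so that hits outside that list stand out.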

Official Source

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a