Ransomware

Play

First seen: 2022-06 • Status: active

Currently Active Threat

Play is a ransomware gang that targets companies in Latin America and Europe. They use their own custom tools.

Overview

Play ransomware targets organizations in Latin America and Europe. It uses unique techniques including custom tools for data exfiltration.

Also Known As

PlayCrypt, Play Ransomware

How It Spreads

  • RDP exploitation
  • VPN vulnerabilities
  • FortiOS exploitation

What It Does

  • File encryption
  • Data exfiltration
  • Double extortion

Target Platforms

Windows

Detection Tips

  • Monitor for Play signatures
  • Watch for custom exfiltration tools

MITRE ATT&CK Techniques

T1486, T1567, T1133

If You're Infected

  1. Patch VPN and FortiOS devices
  2. Engage incident response

Related Malware

Lockbit 3, Blackcat
