Ransomware Group

Play

Also known as: PlayCrypt

Status: active • First seen 2022-06300+ known victims

Play attacks city governments and companies by exploiting email servers and firewalls. They caused major disruption to Oakland city services.

Overview

Play ransomware has targeted government organizations including the City of Oakland. The group exploits Microsoft Exchange and Fortinet vulnerabilities.

Target Industries

Government, Technology, Transportation, Manufacturing

How They Attack

  • ProxyNotShell exploitation
  • FortiOS exploitation
  • Double extortion
  • Government targeting

Notable Victims

City of Oakland (2023), Arnold Clark (2022)

Is your business exposed?

How to Protect Against Play

  1. 1.

    Patch Exchange servers

  2. 2.

    Update FortiOS immediately

  3. 3.

    Implement government security protocols

MITRE ATT&CK Techniques

T1190, T1486, T1567, T1078

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices