Agencies alert of threat by new Play ransomware group

Dec 19, 2023 - 03:03 PM
oig-fda-cybersecurity

The FBI, Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Centre Dec. 18 released a warning about actions and tactics used by the Play ransomware group. The group has impacted a wide range of businesses and critical infrastructure in North America, South America and Europe since 2022, in addition to incidents in Australia in April and November this year. 

The cyber threat actors are presumed to be a closed group, designed to “guarantee the secrecy of deals,” according to a statement on the group’s data leak website. Play ransomware actors use a double-extortion model, which encrypts systems after exfiltrating data; their ransom notes do not include an initial ransom demand or payment instructions, rather, victims are instructed to contact the threat actors via email. 

John Riggi, AHA’s national advisor for cybersecurity and risk, said, “This ransomware group, like many others, has been observed to use compromised valid accounts to gain initial access through external-facing services such as Remote Desktop Protocol and virtual private networks. Once inside the network, they continue to exploit a variety of vulnerabilities in third-party software and chain them together to move laterally across an organization’s network, ultimately compromising unsecured administrative accounts. It is recommended that organizations apply the alert’s cited mitigations to limit potential hackers’ use of common system and network discovery techniques to reduce the risk of high-impact ransomware attacks.” 

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
Medical technology company Stryker disrupted globally by cyberattack
Stryker, a medical technology company that provides services and products for hospitals, was disrupted globally by a cyberattack, the company announced March…
Headline
White House issues executive order addressing cybercrime by threat groups
The White House issued an executive order March 6 to combat cybercrimes by threat groups. The order highlights how such groups can receive willing or…
Headline
ASPR releases cybersecurity module to conduct risk assessments 
The Administration for Strategic Preparedness and Response has released a new cybersecurity module for organizations to conduct risk assessments. The free…
Perspective
Staying Cyber Alert and Cyber Ready
Public
As the world has learned in recent years, today’s conflicts are fought with many weapons, and cyber warfare is an integral part of the arsenal.As of this…
Headline
FBI reminds of potentially malicious activity by Iranian cyber actors
The FBI is reminding critical infrastructure organizations to implement mitigations from a June 2025 fact sheet on potential actions by Iranian-affiliated…
Headline
CISA report updates findings on RESURGE malware attacks
The Cybersecurity and Infrastructure Security Agency Feb. 26 released a report that updates findings from last year on RESURGE malware used to gain covert…