The FBI, Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Centre June 4 released an advisory on updated actions and tactics used by the Play ransomware group. The group, active since 2022, has impacted a wide range of businesses and critical infrastructure in North America, South America and Europe. As of May, the FBI was aware of about 900 victims allegedly exploited by the group’s efforts.

The threat actors are presumed to be a closed group, designed to “guarantee the secrecy of deals,” according to a statement on the group’s data leak website. They employ a double-extortion model that encrypts systems after exfiltrating data. Their ransom notes do not include an initial ransom demand or payment instructions. Instead, victims are instructed to contact the threat actors via email.

“Play ransomware was among the most active cyberthreat groups in 2024,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “This report highlights their evolving tactics, and health care cybersecurity teams should be aware of the changes.  As threat actors shift tactics, it is critical that network defenders keep pace. The double-layered extortion model and encryption of systems, as well as theft of data, pose a serious potential risk to hospitals and the delivery of health care.”

For more information on this or other cyber and risk issues, contact Gee at sgee@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
In his latest AHA Cyber and Risk Intel blog, Scott Gee, AHA deputy national advisor for cybersecurity and risk, explains how hospitals can prepare for and…
AHA Cyber Intel
In today’s heightened threat environment, driven by domestic and geopolitical issues, it is more critical than ever for hospitals to prepare for and mitigate…
Headline
In a statement submitted to the Senate Health, Education, Labor and Pensions Committee for a hearing today on health care cybersecurity and patient privacy,…
Headline
Cyberattacks on hospitals are urgent threats to patient safety, care delivery and public trust. In this conversation, Ajay Gupta, board chair of Trinity Health…
Headline
The Food and Drug Administration yesterday released a safety notice announcing a software patch is available to address cybersecurity vulnerabilities in…
Headline
The Cybersecurity and Infrastructure Security Agency, FBI, Department of Defense Cyber Crime Center and the National Security Agency June 30 released a fact…