Play Ransomware attack reportedly targets 17 new victims


The infamous Play ransomware group has expanded its victim list by adding 17 new companies based in the United States, United Kingdom, Netherlands and Canada. The list of victims of the Play ransomware attack has been published on the cybercriminal group’s dark web portal.

On November 28, a list of alleged victims targeted by the Play ransomware attack was released, warning of data exposure if ransom demands are not met by December 4.

Victims of the Play ransomware attack

The ransomware attack targeted 14 companies based in the United States; the other three are based in the United Kingdom, the Netherlands and Canada.

What adds to the seriousness of the alleged Play ransomware attack is the category of companies listed by the ransomware gang.

[Image: Play ransomware attack. Credit: @FalconFeedsio on ‘X’]

Single Point Outsourcing, Thillens, Elston Nationwide, American Insulated Glass, Moore Co., Continental Shipping Line, Sparex, Retailer Web Services, Byfod, SurvTech Solutions, EDGE Realty Partners, Noble Mountain Tree Farm, Unitransfer, SC Hydraulic Engineering, Labtopia, OLA Consulting Engineers and Canderel Management are among the victims affected by the alleged Play ransomware attack.

The Play ransomware group listed companies in the fields of IT services, outsourcing, retail, real estate, shipping, engineering, consulting and management services. These companies risk revealing many details about ordinary individuals who are unaware of the potential threat.


Potential victims of this data breach are individuals seeking deliveries, employment, IT services or advice from the companies concerned. Such a breach poses serious risks of identity theft and various forms of fraudulent activity.


Ransomware attacks often damage the reputation of the affected companies, which suffer the consequences by losing their customer base, market trust and future business prospects. Worse still, the legal consequences result in immediate financial losses for victims of the data breach.

A wise strategy to avoid incidents like the Play ransomware attack is to use content filters and antivirus software on your email servers. These tools reduce the risk of spam emails with harmful attachments or compromised links landing in your mailbox.

About Play Ransomware Group

The hackers behind the Play ransomware group target businesses and government establishments. Since its inception in 2022, the group has attacked targets in the United States, United Kingdom, Canada, Netherlands, Brazil, Argentina, Germany, Belgium and Switzerland.

Security experts believe the Play ransomware group has ties to Russia. PlayCrypt is another name for the group. It was created by a team known as Balloonfly, which is tracked by Symantec. After encrypting files, the group’s ransomware appends the “.play” suffix to them.

The word “PLAY” and the group’s email address are included in its ransom note. The Play ransomware organization has used two new proprietary tools to strengthen its attacks, namely a Volume Shadow Copy Service (VSS) tool and Grixba.
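
The “.play” suffix described above can drive a first scoping sweep of a file share after an incident. The following Python is an added example, not code from the article or from Symantec; the function names, the 7.0 bits-per-byte entropy threshold and the 4096-byte sample size are assumptions chosen for illustration, and the sample files are constructed.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

PLAY_SUFFIX = ".play"  # suffix named in the article

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted content sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root, min_entropy=7.0, sample=4096):
    """Map each directory to [(path, mtime)] for likely-encrypted *.play files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PLAY_SUFFIX):
                continue
            path = Path(dirpath) / name
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
                mtime = path.stat().st_mtime
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            # The entropy check filters out benign files that merely share the suffix.
            if shannon_entropy(head) >= min_entropy:
                hits.setdefault(dirpath, []).append((str(path), mtime))
    return hits

def earliest_hit(hits):
    """Oldest modification time among hits: a rough indicator of when encryption started."""
    times = [m for entries in hits.values() for _p, m in entries]
    return min(times) if times else None

def demo():
    """Constructed sample tree: one random-content .play file and two decoys."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "report.docx.play").write_bytes(os.urandom(4096))
        (Path(tmp) / "notes.play").write_text("plain text, not encrypted " * 50)
        (Path(tmp) / "budget.xlsx").write_bytes(b"PK\x03\x04" + bytes(100))
        hits = triage(tmp)
        return sorted(Path(p).name for e in hits.values() for p, _m in e)
```

Run it read-only against a mounted image or snapshot rather than a live compromised host, so the sweep does not alter the timestamps it reports.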

What to do if your business has already been affected

These actions, as recommended by the United Kingdom’s National Cyber Security Centre, could reduce the damage if ransomware has already infected your business:

  1. Immediately disconnect all network connections, whether wired, wireless, or mobile device-based, from compromised PCs, laptops, or tablets.
  2. If things are really bad, consider whether you need to disconnect from the Internet, turn off all the switches, and turn off your Wi-Fi.
  3. Change all your login information, including passwords (especially for administrator and other system accounts); however, make sure you are not preventing yourself from accessing the systems needed for recovery.
  4. Replace the operating system on compromised devices and securely erase them.
  5. Make sure the backup is virus-free before restoring it.
  6. To download, install and update the operating system and other software, connect the devices to a clean network.
  7. Run, install and update your antivirus program.
  8. Reestablish a network connection.
  9. To find out if any infections remain, monitor network traffic and run virus scans.

To increase your chances of avoiding ransomware attacks, it is crucial to create offline backups and store them in a separate location, preferably offsite, away from your network and systems. You might also consider using a secure cloud service explicitly designed for this purpose.

Paying a ransom, in most cases, is not a wise choice. Even after companies pay the ransom, there is no guarantee that the data will be recovered. The computer systems will still be infected with ransomware and are more likely to be attacked in the future.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only and users take full responsibility for their reliance on it. The Cyber Express assumes no responsibility for the accuracy or consequences of the use of this information.