Play (hacker group)

Play (also Play Ransomware or PlayCrypt) is a hacker group responsible for ransomware extortion attacks on companies and governmental institutions. The group emerged in 2022 and attacked targets in the United States, [1] Brazil, [2] Argentina, [2] Germany, [3] Belgium [3] and Switzerland. [4]

Security experts suspect that the group has links to Russia, since the encryption techniques used are similar to those used by other Russian-linked ransomware groups such as Hive and Nokoyawa. [5]

The name "play" comes from the ".play" file extension that the group gives to its victims' encrypted data; it leaves a message containing the word "PLAY" and an email address. [2]

History

In 2022, Play carried out a major attack on the Argentine judiciary of Córdoba. [6]

In 2023, Play carried out a wave of attacks on Switzerland. At the end of March, the newspaper Neue Zürcher Zeitung was attacked, leading to the penetration of the systems of its service provider, CH-Media. [7] This enabled Play to extract the addresses of over 400,000 Swiss citizens living abroad who had subscribed to the official newspaper for Swiss expatriates, Schweizer Revue. [8] In the same month, a Valais community fell victim. [9] In May/June, a massive hacker attack hit an IT service provider of the Federal administration of Switzerland, and confidential data, including financial data and tax information, was stolen for extortion. Various state-owned companies were affected. [10]

References

  1. Kovacs, Eduard (2023-01-05). "Play Ransomware Group Used New Exploitation Method in Rackspace Attack". securityweek.com. SecurityWeek. Retrieved 2023-06-17.
  2. "Ransomware group behind Oakland attack strengthens capabilities with new tools, researchers say". cyberscoop.com. Cyberscoop. 2023-04-19. Retrieved 2023-06-17.
  3. Gatlan, Sergiu (2023-01-04). "Rackspace confirms Play ransomware was behind recent cyberattack". bleepingcomputer.com. Bleeping Computer. Retrieved 2023-06-17.
  4. "Hacker group publishes stolen Swiss media data". swissinfo.ch. Swissinfo. 2023-05-11. Retrieved 2023-06-17.
  5. Poireault, Kevin (2023-06-11). "Swiss Government Targeted by Series of Cyber-Attacks". infosecurity-magazine.com. Infosecurity Magazine. Retrieved 2023-06-17.
  6. Kovacs, Eduard (2022-09-01). "Ransomware Attacks Target Government Agencies in Latin America". securityweek.com. SecurityWeek. Retrieved 2023-06-17.
  7. Altwegg, Jürg (2023-04-18). "Böses Spiel mit der NZZ". faz.net. Frankfurter Allgemeine Zeitung. Retrieved 2023-06-17.
  8. Rigendinger, Balz (2023-06-27). "Leck von Bundesdaten: Bis zu 425'000 Auslandschweizer:innen betroffen". SWI Swissinfo.ch (in German). Retrieved 2023-06-28.
  9. "Update: Ransomware-Bande Play gewährt Walliser Gemeinde mehr Zeit". netzwoche.ch. Netzwoche. 2023-05-11. Retrieved 2023-06-17.
  10. "Das Ausmass des Hacks gegen einen Dienstleister der Bundesverwaltung ist gewaltiger als angenommen". nzz.ch. Neue Zürcher Zeitung. 2023-06-15. Retrieved 2023-06-17.