December 18, 2023 at 11:29AM
The FBI, CISA, and ASD’s ACSC jointly warn that the Play ransomware gang has compromised approximately 300 organizations worldwide between June 2022 and October 2023, including critical infrastructure entities. The group employs unconventional tactics, including negotiating by email, stealing sensitive data for extortion, and using a custom VSS Copying Tool to copy files that are locked by running applications. Organizations are urged to remediate known exploited vulnerabilities and implement the advisory's recommended mitigations to fend off attacks.
The Play ransomware gang has carried out breaches of approximately 300 organizations worldwide, including critical infrastructure entities, between June 2022 and October 2023. The FBI, in partnership with CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, issued a joint advisory to warn organizations about the impact of the Play ransomware group. The gang has targeted businesses and critical infrastructure in North America, South America, and Europe.
The Play ransomware operation uses some unusual tactics. Rather than directing victims to a negotiation portal, the gang communicates by email, and it steals sensitive documents from compromised systems to pressure victims into paying ransom demands under the threat of data leakage (double extortion). The gang also uses a custom VSS Copying Tool that reads files out of Volume Shadow Copy Service (VSS) snapshots, so it can collect documents even while they are locked by the applications using them.
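Copying locked files out of a VSS snapshot is the technique behind the tool described above, and it leaves recognizable traces when an intruder does it with built-in Windows utilities (vssadmin, wmic, diskshadow, mklink against a HarddiskVolumeShadowCopy device, or esentutl with /vss). The following is an added detection example written for this page, not code from the advisory or from any vendor: it runs a set of command-line rules over constructed Windows 4688-style process creation records, suppresses an allowlisted backup agent, and escalates when the same user on the same host both creates a snapshot and then mounts or copies from it. The rule names, the sample events, and the backup agent path are all assumptions made for the example.

```python
import re

# Constructed sample events shaped like flattened Windows Security 4688 records
# (process creation with command-line auditing enabled). Not real telemetry.
SAMPLE_EVENTS = [
    {"host": "fs01", "user": "CORP\\svc_backup",
     "image": r"C:\Program Files\BackupVendor\agent.exe",
     "cmd": r'"C:\Program Files\BackupVendor\agent.exe" --job nightly'},
    {"host": "fs01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmd": "vssadmin.exe create shadow /for=C:"},
    {"host": "fs01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"cmd.exe /c mklink /d C:\vss \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\ "},
    {"host": "dc01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\esentutl.exe",
     "cmd": r"esentutl.exe /y C:\Windows\NTDS\ntds.dit /vss /d C:\Users\Public\n.dit"},
    {"host": "fs01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws22", "user": "CORP\\alice",
     "image": r"C:\Windows\System32\wmic.exe",
     "cmd": "wmic process list brief"},
]

# Rule name -> command-line pattern. Names are this example's own labels.
RULES = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in [
    # snapshot creation via vssadmin, wmic, or WMI from PowerShell
    ("vss_snapshot_create",
     r"\bvssadmin(?:\.exe)?\s+create\s+shadow\b"
     r"|\bwmic(?:\.exe)?\s+shadowcopy\s+call\s+create\b"
     r"|Win32_ShadowCopy\b.*\bCreate\b"),
    # snapshot deletion (the classic pre-encryption step)
    ("vss_snapshot_delete",
     r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b"
     r"|\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b"),
    # exposing a snapshot as a path so locked files can be read from it
    ("vss_snapshot_mount", r"HarddiskVolumeShadowCopy\d+"),
    # esentutl /vss copies an in-use file (e.g. ntds.dit) through VSS
    ("vss_locked_file_copy", r"\besentutl(?:\.exe)?\b.*\s/vss\b"),
    # script-driven snapshot handling
    ("diskshadow_script", r"\bdiskshadow(?:\.exe)?\b"),
]]


def classify(event):
    """Return the names of every rule whose pattern matches the command line."""
    return [name for name, rx in RULES if rx.search(event["cmd"])]


def triage(events, allowlisted_images=frozenset()):
    """Flag matching events from non-allowlisted images and correlate them.

    allowlisted_images holds lowercase full image paths of known backup tooling.
    Returns (hits, escalations): hits is one record per rule match; escalations
    lists (host, user) pairs that created a snapshot and then mounted it or
    copied a locked file from it, i.e. the collection pattern, not just cleanup.
    """
    hits = []
    seen = {}  # (host, user) -> set of rule names
    for ev in events:
        if ev["image"].lower() in allowlisted_images:
            continue
        for rule in classify(ev):
            hits.append({"host": ev["host"], "user": ev["user"],
                         "rule": rule, "cmd": ev["cmd"]})
            seen.setdefault((ev["host"], ev["user"]), set()).add(rule)
    escalations = [
        key for key, rules in seen.items()
        if "vss_snapshot_create" in rules
        and rules & {"vss_snapshot_mount", "vss_locked_file_copy"}
    ]
    return hits, escalations


if __name__ == "__main__":
    hits, escalations = triage(SAMPLE_EVENTS)
    for h in hits:
        print(f"{h['host']} {h['user']} {h['rule']}: {h['cmd']}")
    print("escalate:", escalations)
```

The caveat a practitioner should keep in mind: a custom tool that calls the VSS API directly, as Play's VSS Copying Tool is described as doing, produces none of these command lines. Rules like these catch the living-off-the-land variants of the same technique; for the custom binary you need process-creation telemetry on unknown or unsigned executables and EDR visibility into VSS API use, not command-line matching.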
Recent high-profile victims of the Play ransomware include the City of Oakland in California, car retailer giant Arnold Clark, cloud computing company Rackspace, and the Belgian city of Antwerp.
To counter these attacks, organizations are urged to prioritize remediating known exploited vulnerabilities, enforce multifactor authentication, keep operating systems, software, and firmware patched and up to date, and maintain offline backups of data. The FBI, CISA, and ASD’s ACSC encourage organizations to implement the recommendations in the Mitigations section of the advisory to reduce the likelihood and impact of ransomware incidents.