7 New Organizations Listed by PLAY Ransomware in Cyberattack

The victims do not appear to have any obvious connection, which highlights the random and arbitrary nature of the attacks.

Seven new victims have been claimed under the PLAY ransomware attack — orchestrated by the threat actor with the same name.

The notorious PLAY ransomware group operating in the underground forums has identified and targeted these organizations located in different corners of the world. 

Surprisingly, there seems to be no apparent connection between these victims, highlighting the indiscriminate nature of their attacks.

PLAY Ransomware Attack: 7 New Victims Added

Source: Twitter

This ransomware campaign is part of a wider scheme orchestrated by the threat actor, targeting major organizations worldwide.

The PLAY ransomware attack victims include:

  • Hughes Gill Cochrane Tinetti
  • Saltire Energy
  • Centek industries
  • NachtExpress Austria
  • WCM Europe
  • Starr Finley
  • unknown victim

Hughes Gill Cochrane Tinetti, headquartered in California, United States, fell prey to this PLAY ransomware attack. Their website, www.hughes-gill.com, was compromised on October 10, 2023, with the ransom demand stretching four days from the publication date.

Saltire Energy, a stalwart in the United Kingdom, faced a similar attack. The threat actor claimed the PLAY ransomware attack on October 10, 2023, with a ransom date of October 14, 2023, before their data gets published.

Similarly, the other organizations listed by the PLAY ransomware group face a looming deadline of 1 to 4 days before all the stolen data is exposed on the dark web.

The Rise of Play Ransomware Group

The rise in PLAY ransomware attacks and recent data breach claims has raised concerns among both private and public organizations worldwide.

Threat actors like PLAY ransomware exploit vulnerabilities and unpatched security systems to gain unauthorized access and encrypt valuable data.

To learn more about these PLAY ransomware attacks and get clarification on the claims made by the threat actor, The Cyber Express reached out to the organizations listed by the threat actor.

However, at the time of writing this, no response or confirmation has been received. This leaves the claims surrounding the PLAY ransomware attack unverified.

The Play ransomware group has been active for a long time. Cybersecurity experts at Symantec recently identified the Play ransomware, also known as PlayCrypt, targeting a wide range of private and public organizations across various industries worldwide.

The ransomware, initially developed by the Balloonfly group, has gained infamy for carrying out prominent attacks since its debut in June 2022. Moreover, its operators employ a dual extortion approach, beginning with the extraction of victim network data before proceeding to encryption.

Alongside other notorious variants like LockBit, Mallox, and Clop, Play ransomware has emerged as one of the most cunning threat actors on the dark web. Its operators also employ a range of infection vectors, exploiting known vulnerabilities such as ProxyNotShell, and even purchasing access to infrastructure through stolen credentials from previously successful threat actors.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Ashish Khaitan

Ashish is a technical writer at The Cyber Express. He adores writing about the latest technologies and covering the latest cybersecurity events. In his free time, he likes to play horror and open-world video games.
