Play ransomware group has listed a US-based technology company A10 Networks as a victim. A10 Networks provides automated cybersecurity solutions that provides a portfolio of high-performance secure application solutions.
The ransom note was posted on the leak site shortly after the company posted its fourth-quarter earnings, beating market estimates.
The company’s website is accessible at the point of publishing this report. There was no official announcement from A10 Networks on the announcement.
The Cyber Express is awaiting a reply from A10 Networks for our requests for the details of the incident.
A10 Networks, Play, and ransomware attack
A10 Networks is an American public company specializing in the manufacturing of application delivery controllers, both software and hardware.
The company was added to the victim list on February 9, said the leak site post. According to the post, the company has a three-day timeline to pay the ransom, otherwise the data will be leaked on February 12.
The post does not mention the ransom amount, the volume of data accessed or whether any data is presently available for download.
A10 Networks, a listed company trading at the New York Stock Exchange, released its quarterly earnings this week, with a report of $0.24 per share, beating analysts’ expectations of $0.23 per share, reported Zacks Equity Research
How Play ransomware group works
This relatively new ransomware news that borrows tactics from Hive and Nokoyawa, found Trend Micro. The numerous similarities between them suggest that Play, similar to Nokoyawa, is run by the same group of individuals.
“This ransomware’s name was derived from its behavior, as it adds the extension “.play” after encrypting files. Its ransom note also contains the single word, “PLAY,” and the ransomware group’s contact email address,” the Trend Micro report said.
Play primarily targets organizations in Latin America, with Brazil being their main focus, reported cybersecurity company Avertium. However, they have also been spotted conducting attacks on India, Hungary, Spain, and the Netherlands.
“Play is known for their big game hunting tactics, such as using Cobalt Strike for post-compromise and SystemBC RAT for persistence. They have recently started exploiting the ProxyNotShell vulnerabilities in Microsoft Exchange,” the Avertium report said.