• World CyberCon India
Firewall Daily Ransomware

Ransomware Strain ‘PLAY’ Hits Argentina’s Judiciary of Córdoba

In a new cyberattack, Argentina's Judiciary of Córdoba got wrapped up in an attack by an unknown group, which used ransomware strain “PLAY” to encrypt files on their network.

Ransomware Strain ‘PLAY’ Hits Argentina’s Judiciary of Córdoba
  • PublishedAugust 18, 2022

The PLAY Ransomware impacted the Córdoba Judiciary in Argentina. The attack affected its websites and databases, making it one of the worst computer hacks on public institutions in the Argentine Republic. The hacker left the websites inaccessible, and till now, there have been no improvements on the compromised systems.

Police and Cybersecurity specialists are assisting with the investigation to identify the incident’s perpetrators. Local sources claim that the ransomware strain “PLAY” infected the government organization’s computers. This ransomware is a well-known threat actor (TA) specifically made to encrypt computer user data and demand ransom payments to unlock it.

How PLAY infiltrated Argentina’s Judiciary of Córdoba?

PLAY is popular ransomware in dark web markets, and it can silently nobble information from a victim’s computer without informing them. The encrypted data is not disclosed to the victims, and the hacker demands payment for decrypting the data after encryption.

The attack on Argentina’s Judiciary of Córdoba blocked the communication between its websites, digital assets, and databases. Due to the sudden assault, the authorities have shut down their IT systems and are forced to use pen and paper for legal procedures and documentation.

According to sources, the attack occurred on August 13, 2022, causing the Córdoba Judiciary to shut down its websites, IT systems, and online portals for users. Soon after the attack, the authorities consulted Microsoft, Cisco, Trend Micro, and local cybersecurity specialists to investigate the attack and find its real culprit.

How was “PLAY” detected?

Though the Judiciary of Córdoba has refused to say anything about the attack or disclose what caused it, journalist Luis Ernest Zegarra Tweeted about the insights and shared that a “.play” extension encrypted the files. The “PLAY” ransomware uses the ‘.play ‘extensions, and it was pretty evident from that point that the Judiciary of Córdoba was hit by ransomware none other than “PLAY.”

Written By

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.

1 Comment

Comments are closed.