The PLAY ransomware hit the Córdoba Judiciary in Argentina. The attack affected its websites and databases, making it one of the worst computer hacks on public institutions in the Argentine Republic. The attacker left the websites inaccessible, and so far there has been no improvement to the compromised systems.
Police and cybersecurity specialists are assisting with the investigation to identify the incident’s perpetrators. Local sources claim that the ransomware strain “PLAY” infected the government organization’s computers. PLAY is a well-known ransomware threat built specifically to encrypt users’ data and demand a ransom payment to unlock it.
How did PLAY infiltrate Argentina’s Judiciary of Córdoba?
PLAY is a popular ransomware in dark web markets, and it can silently take information from a victim’s computer without informing them. The encrypted data is not disclosed to the victims, and the attacker demands payment to decrypt the data after encrypting it.
The official statement from the Judiciary. pic.twitter.com/Qyr4k60Lro
— Luis Ernesto Zegarra (@luisezegarra) August 14, 2022
The attack on Argentina’s Judiciary of Córdoba blocked the communication between its websites, digital assets, and databases. Due to the sudden assault, the authorities have shut down their IT systems and are forced to use pen and paper for legal procedures and documentation.
According to sources, the attack occurred on August 13, 2022, causing the Córdoba Judiciary to shut down its websites, IT systems, and online portals for users. Soon after the attack, the authorities consulted Microsoft, Cisco, Trend Micro, and local cybersecurity specialists to investigate the attack and find its real culprit.
How was “PLAY” detected?
Cyberattack against the Judiciary of Córdoba. A ransomware variant, known as .Play. The system is down in the judicial units, so complaints are not being taken.
"The worst cyberattack in history against public institutions," they say. pic.twitter.com/Agi5dKyAzy
— Luis Ernesto Zegarra (@luisezegarra) August 14, 2022
Though the Judiciary of Córdoba has refused to say anything about the attack or disclose what caused it, journalist Luis Ernesto Zegarra tweeted about it and shared that the encrypted files carried a “.play” extension. The “PLAY” ransomware uses the “.play” extension, so from that point it was evident that the Judiciary of Córdoba had been hit by none other than “PLAY”.