📢 Playcrypt: A ransomware group targets critical infrastructure
📝 Since June 2022, **Playcrypt**, a ransomware group, has targeted various businesses and critical infrastructure across **North America**,...
📖 cyberveille: https://cyberveille.ch/posts/2025-06-05-playcrypt-un-groupe-de-ransomware-cible-des-infrastructures-critiques/
🌐 source: https://www.cisa.gov/news-events/alerts/2025/06/04/updated-guidance-play-ransomware
#FBI #Playcrypt #Cyberveille

Since June 2022, Playcrypt, a ransomware group, has targeted various businesses and critical infrastructure across North America, South America and Europe. In 2024, it became one of the most active ransomware groups. The FBI has identified approximately 900 entities that were allegedly exploited by these ransomware actors as of May 2025. This underscores the scale and reach of the attacks carried out by Playcrypt, potentially affecting critical sectors and a variety of businesses.

CyberVeille

FBI: Over 900 Organizations Hit by Play Ransomware, SimpleHelp Exploits and ESXi Variants Used

https://forum.hashpwn.net/post/642

#playcrypt #ransomware #RaaS #simplehelp #exploit #esxi #hashpwn #cybersecurity #news

FBI: Play ransomware breached 300 victims, including critical orgs

The Federal Bureau of Investigation (FBI) says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities.

#FBI #CISA #Play #Playcrypt #infrastructure #ransomware #malware #security #cybersecurity #hacking #hackers

https://www.bleepingcomputer.com/news/security/fbi-play-ransomware-breached-300-victims-including-critical-orgs/

BleepingComputer

New bullies on the block: They don’t PLAY nice.

In mid-November 2022, #Sophos X-Ops responded to an incident where PLAY #ransomware, also known as #PlayCrypt, was found in an under-protected environment.

PLAY is a relatively new ransomware variant, first reported in mid-July of 2022. It deploys a variety of commonly abused tools, similar to other Ransomware-as-a-Service (RaaS) deployments such as Hive or Nokoyawa. In this thread we’ll walk through what Sophos X-Ops researchers @bencrypted and @th3_protoCOL saw in their analysis – a process our Rapid Response team observed in reverse, starting their work with this customer when they were called in at the 14-day mark.

The IoCs provided in this writeup are available on our GitHub: https://github.com/sophoslabs/IoCs.

#threatintel #infosec #ioc #SophosXOps

GitHub - sophoslabs/IoCs: Sophos-originated indicators-of-compromise from published reports

Sophos-originated indicators-of-compromise from published reports - sophoslabs/IoCs

GitHub
I've had a look at #Play, aka #PlayCrypt #ransomware. And it seems to me that there is more than meets the eye when it comes to negotiations management. At first, it looks like "just" e-mail. But I suspect there's more to it than just that. More about it in this piece (sorry, it's in French): https://www.lemagit.fr/actualites/252527798/Play-ce-nouveau-ransomware-utilise-contre-les-Alpes-Maritimes-et-ITS-Group
Play, the new ransomware used against Alpes-Maritimes and ITS Group

The operators of this ransomware waited until late November to begin publicly naming their victims and leaking their data. However, they have been active since at least late June.

LeMagIT.fr