StopRansomware: Play Ransomware
Essential information
- Published
- 05/06/2025 13:24
- Modified
- 05/06/2025 13:46
- Tags
- 2025-06-05, CVE-2018-13379, CVE-2020-12812, CVE-2022-41040, CVE-2022-41082, CVE-2024-57727, grixba, play, ransomware, systembc
- Related entities
- 5 vulnerabilities (CVE), 8 observables, 1 intrusion set (APT), 3 techniques (MITRE), 3 malware, 3 others
Description
The Play ransomware group has been actively targeting businesses and critical infrastructure across North America, South America, and Europe since June 2022. The actors gain initial access by exploiting vulnerabilities, using stolen credentials, and abusing remote access services. The group employs a double extortion model: data is exfiltrated first and systems are encrypted afterwards. Play ransomware uses AES-RSA hybrid encryption together with intermittent encryption techniques. The actors use a variety of tools for network discovery, credential theft, and lateral movement. Organizations are advised to implement robust security measures, including multifactor authentication, regular patching, network segmentation, and maintaining offline backups, to mitigate the risk of ransomware attacks.