StopRansomware: Play Ransomware

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

The Play ransomware group has been actively targeting businesses and critical infrastructure across North America, South America, and Europe since June 2022. The actors gain initial access by exploiting vulnerabilities, using stolen credentials, and leveraging remote access services. The group employs a double extortion model, encrypting systems after exfiltrating data. Play ransomware uses AES-RSA hybrid encryption and intermittent encryption techniques. The actors use various tools for network discovery, credential theft, and lateral movement. Organizations are advised to implement robust security measures, including multifactor authentication, regular patching, network segmentation, and offline backups, to mitigate the risk of ransomware attacks.

OPENCTI LABELS:

ransomware,systembc,grixba,play,cve-2022-41082,cve-2018-13379,cve-2020-12812,cve-2022-41040,cve-2024-57727

