Play Ransomware
The Play (aka PlayCrypt) ransomware group has been successfully targeting corporations, municipal entities, and infrastructure all over the world for about three years. It infiltrates networks via software vulnerabilities, phishing links, and compromised websites. The ransomware abuses Windows system services to evade detection and maintain persistence. Play encrypts user files and steals sensitive data while demanding a ransom.
Type: Ransomware
Origin: Unknown
First seen: 1 March, 2022
Last seen: 10 February, 2025
Play, aka PlayCrypt, is a relatively new yet already notorious ransomware group that has been active since mid-2022. It has impacted a wide range of businesses and critical infrastructure in North America, South America, and Europe.
It relies on the double extortion technique, and intermittent encryption is its signature feature. Partial encryption completes much faster and also evades detection by security solutions that monitor files for extensive modifications.
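An added example (not from the original page or its vendor) of why intermittent encryption slips past monitors keyed to extensive modification, and how a per-chunk entropy comparison between two snapshots of the same file still flags it. The chunk size, thresholds and sample data are assumptions constructed for illustration; they are not Play's actual parameters.

```python
import math
import random
from collections import Counter

CHUNK = 4096        # assumed analysis window, not a parameter taken from Play
HIGH_ENTROPY = 7.2  # assumed bits/byte level at which a chunk looks like ciphertext
MIN_JUMP = 2.0      # assumed minimum entropy rise between the two snapshots

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chunks(data: bytes, size: int = CHUNK):
    return [data[i:i + size] for i in range(0, len(data), size)]

def compare_snapshots(before: bytes, after: bytes) -> dict:
    """Compare two versions of one file chunk by chunk."""
    pairs = list(zip(chunks(before), chunks(after)))
    changed = [i for i, (b, a) in enumerate(pairs) if b != a]
    # A chunk is flagged when it changed AND went from low to high entropy.
    jumps = [i for i in changed
             if entropy(pairs[i][1]) >= HIGH_ENTROPY
             and entropy(pairs[i][1]) - entropy(pairs[i][0]) >= MIN_JUMP]
    return {
        "changed_fraction": len(changed) / len(pairs) if pairs else 0.0,
        "whole_file_entropy": entropy(after),
        "entropy_jump_chunks": jumps,
        "suspicious": bool(jumps),
    }

def build_sample():
    """Constructed data: a 64 KiB text file with every 4th chunk randomised."""
    line = b"2025-01-01 12:00:00 INFO user=alice action=login status=ok\n"
    before = (line * (16 * CHUNK // len(line) + 1))[:16 * CHUNK]
    rng = random.Random(0)  # fixed seed; random bytes stand in for ciphertext
    after = bytearray(before)
    for i in range(0, 16, 4):
        after[i * CHUNK:(i + 1) * CHUNK] = bytes(rng.getrandbits(8) for _ in range(CHUNK))
    return before, bytes(after)

if __name__ == "__main__":
    before, after = build_sample()
    print(compare_snapshots(before, after))
```

On the constructed sample only a quarter of the file changes and its whole-file entropy stays below the ciphertext threshold, yet the four rewritten chunks are flagged. Compressed and media formats are already high-entropy, which is why the check looks for a rise between snapshots rather than an absolute level.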
It infiltrates the targeted system …