Play (hacker Group)

Play (also Play Ransomware or PlayCrypt) is a hacker group responsible for ransomware extortion attacks on companies and governmental institutions. The group emerged in 2022 and attacked targets in the United States, Brazil, Argentina, Germany, Belgium and Switzerland. Security experts suspect that the group has links to Russia, since the encryption techniques used are similar to those used by other Russian-linked ransomware groups such as Hive and Nokoyawa. The name "play" comes from the ".play" file extension that the group uses to encrypt their victims' data, leaving a message containing the word "PLAY" and an email address.


History

In 2022, Play carried out a major attack on the Argentine judiciary of Córdoba. In 2023, Play carried out a wave of attacks on Switzerland. At the end of March, the newspaper Neue Zürcher Zeitung was attacked, leading to the penetration of the systems of its service provider, CH-Media. This enabled Play to extract the addresses of over 400,000 Swiss citizens living abroad who had subscribed to the official newspaper for Swiss expatriates. In the same month, a Valais community fell victim. In May/June, there was a massive hacker attack on an IT service provider of the Federal administration of Switzerland, and confidential data, including financial data and tax information, was stolen for extortion. Various state-owned companies were affected.


News

In April 2025, the Play ransomware gang exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. The vulnerability, tracked as CVE-2025-29824, was tagged by Microsoft as exploited in a limited number of attacks and patched during the April 2025 Patch Tuesday. (Source: "Play ransomware exploited Windows logging flaw in zero-day attacks", BleepingComputer, https://www.bleepingcomputer.com/news/security/play-ransomware-exploited-windows-logging-flaw-in-zero-day-attacks/, accessed 2025-05-25.)

