Over 900 Organizations Hit by Play-Ransomware: FBI

By Netvora Tech News


The FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Cyber Security Centre have revealed that over 900 organizations, including those in critical infrastructure, have been targeted by the Play-ransomware.

Scope of the Attacks

The affected organizations include the municipality of Antwerp, Dutch maritime services provider Royal Dirkzwager, and housing corporation Woonkracht10. The authorities issued a warning about the Play-ransomware late in 2023, but have now provided an update.

The attackers exploit compromised accounts and known vulnerabilities to gain access to the systems of targeted organizations. This includes well-known security weaknesses in FortiOS, Microsoft Exchange, and SimpleHelp.

Motivations and Tactics

Once access to a network is gained, attackers disable antivirus software and delete log files. They also attempt to intercept login credentials, allowing them to spread laterally within the network. Before deploying the ransomware, the attackers steal sensitive files. If the targeted organization fails to pay the ransom, the attackers threaten to release the stolen data.

The attackers use separate email addresses, ending in gmx.de or web.de, to communicate with each victim. Some victims are also contacted by phone, with the attackers threatening to release sensitive information unless the ransom is paid.

Advice to Avoid Attacks

The authorities advise organizations to prevent Play-ransomware attacks by:
  • Addressing known vulnerabilities in their systems
  • Enabling multifactor authentication (MFA) for all accounts, particularly for VPN, webmail, and accounts with access to critical systems
  • Installing security updates in a timely manner
  • Scanning for vulnerabilities

This advice remains unchanged from 2023, and organizations are urged to take immediate action to protect themselves against these types of attacks.
