
Ransomware: Playcrypt hackers shift into high gear

The FBI is sounding the alarm about attacks perpetrated by Playcrypt, a hacker gang specializing in ransomware. The group, which also calls itself Play, emerged in 2022 and has targeted "a wide range of businesses and critical infrastructure in North America, South America, and Europe," according to the bureau.

A gang specializing in double extortion

With its numerous cyberattacks, Playcrypt has established itself as "one of the most active ransomware groups in 2024." Like most such gangs, Play practices double extortion. After stealing a company's data, the hackers deploy their ransomware on the system. This software encrypts files, making them inaccessible.

To regain access to the data, the company must pay a ransom. At the same time, the attackers threaten to publish or delete the stolen data if the ransom is not paid on time. This strategy maximizes the chances of obtaining money from the victim. It also allows them to maintain leverage over companies that have backed up their data.

More than 900 cyberattacks by Playcrypt

Recently, the criminal gang has shifted gears. The FBI has recorded more than 900 intrusions perpetrated by Playcrypt. This is three times more than in October 2023, when the FBI first issued an alert about the hacking group. The actual number of attacks is likely higher. Not all victims bother to contact the authorities.

To remain undetected, the gang uses malware whose code is modified as part of each intrusion. This precaution greatly complicates the work of antivirus and security systems, which have difficulty recognizing new variants of the malware. To infect systems, Playcrypt uses tools like Cobalt Strike. The gang has also exploited a handful of SimpleHelp vulnerabilities in its attacks: by compromising the remote support software, the hackers gained access to the victims' computers.

Victims of the Play ransomware include cloud company Rackspace, the cities of Dallas, Oakland, and Antwerp, car dealer Arnold Clark, doughnut chain Krispy Kreme, and US chip maker Microchip Technology. The FBI recommends that businesses keep their systems up to date, enable two-factor authentication, and maintain offline backups of their data.
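The point about per-intrusion modification of the malware is worth seeing concretely: a hash signature matches one exact binary, so a build that differs by a single byte slips past it, while a behavioural indicator (one process renaming many files to a new extension in a short window, which is what file encryption looks like on disk) does not depend on the binary at all. The script below is an added illustration written for this article, not code from the FBI advisory or from any vendor. The payload stubs, the process names, the `.enc_placeholder` extension and the file-activity events are all constructed for the demonstration; the real extension and indicators are not taken from the page.

```python
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed stand-ins for two builds of the same payload that differ in one byte,
# as a binary that is rebuilt or patched for each intrusion would.
VARIANT_A = b"STUB-PAYLOAD\x00" + b"\x90" * 32
VARIANT_B = b"STUB-PAYLOAD\x01" + b"\x90" * 32

# Placeholder extension for the constructed events; not the real one.
ENC_EXT = ".enc_placeholder"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_signature_hit(sample: bytes, blocklist: set) -> bool:
    """Classic signature check: exact SHA-256 match against a known-bad list."""
    return sha256_hex(sample) in blocklist


def build_sample_events():
    """Constructed file-rename events: (timestamp, process, old_path, new_path).

    Background: an ordinary process renames one file per minute.
    Burst: a single process renames 30 files to a new extension within 15 seconds.
    """
    base = datetime(2025, 6, 4, 10, 0, 0)
    events = []
    for i in range(5):
        events.append((base + timedelta(minutes=i), "explorer.exe",
                       f"C:\\Users\\a\\doc{i}.txt", f"C:\\Users\\a\\doc{i}-old.txt"))
    for i in range(30):
        events.append((base + timedelta(seconds=30 + i // 2), "svc_upd.exe",
                       f"C:\\Share\\q1\\file{i}.docx", f"C:\\Share\\q1\\file{i}.docx{ENC_EXT}"))
    return events


def detect_mass_rename(events, window=timedelta(seconds=60), threshold=20):
    """Behavioural indicator: per process, the peak number of 'extension appended'
    renames inside any sliding window. Returns {process: peak_count} for processes
    at or above the threshold. The check never looks at the binary, so a new build
    of the same tool is still caught."""
    by_proc = defaultdict(list)
    for ts, proc, old, new in events:
        # Only count renames that keep the original name and append something to it.
        if new != old and new.startswith(old):
            by_proc[proc].append(ts)

    flagged = {}
    for proc, times in by_proc.items():
        times.sort()
        left = 0
        peak = 0
        for right, t in enumerate(times):
            # Slide the left edge until every timestamp in [left, right] fits the window.
            while t - times[left] > window:
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= threshold:
            flagged[proc] = peak
    return flagged


if __name__ == "__main__":
    blocklist = {sha256_hex(VARIANT_A)}
    print("variant A on blocklist:", hash_signature_hit(VARIANT_A, blocklist))  # True
    print("variant B on blocklist:", hash_signature_hit(VARIANT_B, blocklist))  # False
    print("behavioural hits:", detect_mass_rename(build_sample_events()))  # {'svc_upd.exe': 30}
```

The window and threshold are tunable; on a real file server the noise floor from backup agents and document-management software has to be measured first, and the rename source would come from an EDR or file-audit feed rather than a constructed list.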

If you find yourself in the sights of a professional extortionist, don't pay the ransom. In many cases, hackers still share stolen data with other hackers, even after payment. A study by Cybereason shows that only one in two victims actually recovers their files by negotiating with the criminals. Worse, businesses that comply with the demand are likely to find themselves hit by ransomware again in the future. Cybercriminals tend to return to those who have cooperated in the past.

Source: CISA.gov
