Play
Play is a ransomware group that has been active since at least 2022, deploying Playcrypt ransomware against the business, government, critical infrastructure, healthcare, and media sectors in North America, South America, and Europe. Play actors employ a double-extortion model, encrypting systems after exfiltrating data, and are presumed by security researchers to operate as a closed group.
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.
≥ 10 High · ≥ 3 Moderate · < 3 Low
Attribution signals
2 mentions · 1 source
"Play, a Russian-language ransomware operation that has affected more than 900 organizations since 2022, posted to its dark-web leak site on Monday claiming it had pulled "private and personal confidential data, clients' documents, budget, payroll, IDs, taxes," and other financial records from MyPillow."
Hedge terms observed