| Category | Details |
|---|---|
| Threat Actors | Play Ransomware Group. |
| Campaign Overview | Cybercriminal group behind several major ransomware attacks, focusing on data encryption or exfiltration for ransom. |
| Targets (Regions or Victims) | Dallas County, Swiss government, Arnold Clark, Judiciary of Cordoba, Microsoft Cuba, City of Oakland. |
| Methodology | Initial access via FortiOS vulnerabilities (CVE-2020-12812, CVE-2018-13379) and exposed RDP servers; ransomware deployed through Group Policy Objects. |
| Product targeted | Organizations across various sectors (government, private sector). |
| Malware Reference | Play ransomware (file encryption). |
| Tools Used | Group Policy Objects for ransomware deployment, intermittent encryption technique. |
| Vulnerabilities Exploited | CVE-2020-12812, CVE-2018-13379 (FortiOS vulnerabilities), exposed RDP servers. |
| TTPs | Intermittent encryption (encrypting only selected portions of each file) to evade detection, ransom demands, and data exfiltration. |
| Attribution | Play Ransomware Group (No clear state affiliation; criminal group). |
| Recommendations | Use access controls, deploy endpoint protection, update systems regularly, implement contingency plans. |
| Source | Check Point |
Read full article: https://www.checkpoint.com/cyber-hub/threat-prevention/ransomware/play-ransomware-group-detection-and-protection/
Disclaimer: The above summary has been generated by an AI language model.