THREAT ACTOR: Play
Play ransomware mainly works in the Latin American region targeting government entitles. This ransomware’s name was derived from its behavior, as it adds the extension “.play” after encrypting files. Its ransom note also contains the single word, “PLAY,” and the ransomware group’s contact email address
Incidents Associated with this Threat
- December 2, 2022: Ransomware Attack for Cloud Provider, Rackspace
Malware Used by this Threat Actor
No malware identified for this threat actor.