Play ransomware mainly works in the Latin American region targeting government entitles. This ransomware’s name was derived from its behavior, as it adds the extension “.play” after encrypting files. Its ransom note also contains the single word, “PLAY,” and the ransomware group’s contact email address


Incidents Associated with this Threat

  • December 2, 2022: Ransomware Attack for Cloud Provider, Rackspace

Malware Used by this Threat Actor

No malware identified for this threat actor.

Pin It on Pinterest

Scroll to Top
Scroll to Top