Play
Name: Play
Category: Malware
Type: Ransomware
Targeted OS: Not enough information
Description:
Play ransomware (also known as PlayCrypt) is a new ransomware operation that launched in June 2022. The operation has amassed a steady stream of victims across the world. Play has recently been in the news for attacking Argentina's Judiciary of Cordoba and the German hotel chain "H-Hotels". Play's attacks focus on organizations in the Latin American region, Brazil being their primary target. They have also been observed deploying attacks on India, Hungary, Spain, and the Netherlands.
Play is known for their big game hunting tactics, such as using Cobalt Strike for post-compromise and SystemBC RAT for persistence. They have recently started exploiting the ProxyNotShell vulnerabilities in Microsoft Exchange. The group also has similar tactics and techniques to the ransomware groups Hive and Nokoyawa, leading researchers to believe Play is operated by the same people. Let's take a look at Play ransomware, their tactics and techniques, as well as how organizations can protect themselves from this kind of threat actor.
Information: https://explore.avertium.com/resource/an-in-depth-look-at-play-ransomware
NIL
Malpedia
Alienvault OTX
Playbook
NIL
CISA
Other Information
Mitre
Mitre Techniques
Mitre Techniques Navigator Link
NIL
['T1005', 'T1081', 'T1012', 'T1082', 'T1120']