UPDATED 19:41 EST / AUGUST 16 2022

Argentina judiciary targeted by new ‘Play’ ransomware group

Argentina’s Judiciary of Córdoba has been forced to suspend its information technology services after being targeted in a ransomware attack.

The attack is reported to have taken place on Aug. 13 and involves a fairly new ransomware group going by the name of “Play.” Bleeping Computer reported Monday that as a result of the attack, judiciary employees have been forced to resort to using pen and paper to create and process official documents.

The judiciary has confirmed the attack, describing it as the “worst attack on public institutions in history.” The organization said that it had engaged local specialists as well as Microsoft Corp., Cisco Systems Inc. and Trend Micro Inc. to assist in recovering its systems.

Play ransomware first appeared in June and gets its name from the methodology of its attacks. The group encrypts files and adds a .play extension to them. Interestingly, those behind the attack do not provide a typical ransom demand or note, instead leaving a message to victims that simply says “PLAY” and includes an email address to contact the attackers.

Ransom demands are made only once a victim contacts Play. PCRisk noted earlier this month that Play victims often do not receive the necessary tools to decrypt their data despite meeting demands.

“Although details are still emerging about how ‘Play’ breached the agency’s network, there is no indication that any data was stolen in the attacks,” Josh Rickard, senior security automation architect at low-code security automation company Swimlane Inc., told SiliconANGLE.

“Local government organizations’ abundance of sensitive information and often-limited cybersecurity resources have made them a relatively easy target for ransomware gangs,” Rickard explained. “These groups leverage this information to their benefit, which unfortunately means local citizens are the victims.”

Although the attack vector has not been disclosed, Jelle Wieringa, security awareness advocate at security awareness training company KnowBe4 Inc., believes that the attackers likely obtained access to the judiciary network through a phishing attack based on email addresses obtained through the Globant data leak in March.

“The Judiciary has had plenty of time to take appropriate measures to train their users and increase their security posture to maximize the chances of mitigating an attack,” Wieringa noted. “Even though ransomware attacks seem to be commonplace nowadays, we should not underestimate the risk and likelihood of falling victim to one. And we should take appropriate measures to minimize the risks involved.”

Photo: Carlos Zito/Wikimedia Commons
