In a recent joint cybersecurity advisory released with its Australian partners, the FBI announced that the Play ransomware group has attacked over 900 organizations since May 2025. “As of May 2025, FBI was aware of approximately 900 affected entities allegedly exploited by the ransomware actors,” the FBI said.
Triple growth in three years
The number has tripled; in 2023, the figure was 300. This highlights the group’s rapid growth of attacking capabilities and compromise of new flaws.
Since 2022, the Playgroup, aka Playcrypt, has launched attacks across Europe, North America, and South America. The victims are diverse, ranging from MNCs to public sector agencies to areas of critical infrastructure.
The Play ransomware differs due to its strategic use of manual-coded malware for each compromise. The constant configuration of attacks and retooling increases the group’s efficiency by helping it avoid getting caught.
In a few cases, the group has strengthened attack tactics by contacting victims directly and asking for ransom for not leaking their data.
Members of the infamous cybercrime syndicate have also compromised various newly found flaws (CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728) in remote monitoring and management software, deployin
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.