Research highlights ongoing threat of Play ransomware linked to North Korean group

forbes.com January 11, 2025, 03:00 PM UTC

New research highlights the ongoing threat of Play ransomware, first detected in 2022. It has been used in over 300 successful attacks globally and is linked to a North Korean state-sponsored group. The ransomware encrypts files and gives them a ".PLAY" extension. Attackers gain access by exploiting vulnerabilities in services like Microsoft Exchange and Fortinet's FortiOS. They use port scanning to gather system information and escalate privileges for further attacks, an approach that complicates detection efforts. The FBI warns organizations about the risks of Play ransomware and recommends mitigation strategies. The ransomware not only encrypts data but also exfiltrates information, which the attackers use to demand ransom through leak sites.

