Play

Reports: 29
First seen: May 13
Last seen: Jun 26
Motivation: extortion, financial, financial extortion

Targeting

Sectors: manufacturing ×5, retail ecommerce ×3, other ×3, professional services ×2, transportation logistics ×2, hospitality ×2, telecommunications ×1, technology ×1
Victim regions: United States ×8, Netherlands ×2

Top ATT&CK techniques

T1021.001 Remote Services: Remote Desktop Protocol ×2
T1562.001 Impair Defenses: Disable or Modify Tools ×2
T1021.002 Remote Services: SMB/Windows Admin Shares ×1
T1003.006 OS Credential Dumping: DCSync ×1
T1136.001 Create Account: Local Account ×1
T1204.002 User Execution: Malicious File ×1
T1047 Windows Management Instrumentation ×1
T1560.001 Archive Collected Data: Archive via Utility ×1
T1112 Modify Registry ×1
T1110 Brute Force ×1
T1078 Valid Accounts ×1
T1036 Masquerading ×1

Indicators

filename ×40, domain ×31, hash_sha256 ×10, hash_sha1 ×10, hash_md5 ×10, ip_v4 ×4, url ×2, registry_key ×1

Indicator values are available on Pro and via the API.

Recent reports

High: Play ransomware gang claims Benchmark Industrial Supply (ransomware.live)
Medium: Play ransomware gang claims victim: Greg Crosslin (ransomware.live)
High: Play ransomware gang publishes Integrated Technologies as victim (ransomware.live)
High: Play ransomware gang publishes eurOptimum as victim (ransomware.live)
High: Play ransomware gang publishes Mundt and Associates as victim (ransomware.live)
High: Play ransomware gang publishes Rainbow Distributors USA as victim (ransomware.live)
High: Play ransomware group claims Pearson Ford victim (ransomware.live)
High: Play ransomware gang publishes Urschel Laboratories as victim (ransomware.live)
High: Play ransomware gang publishes Dallis Law Firm as victim (ransomware.live)
Medium: Play ransomware gang publishes The Chapel as new victim (ransomware.live)
High: Play ransomware gang claims Corley MFG victim (ransomware.live)
High: Play ransomware claims victim: Digitall Graphics (ransomware.live)
High: Play ransomware group publishes Hightower Communications as victim (ransomware.live)
High: Play ransomware posts GW Mechanical victim (ransomware.live)
High: Play ransomware gang publishes NL Fisher as victim (ransomware.live)
High: Play ransomware group publishes Round Hill Country Club as victim (ransomware.live)
High: Play ransomware gang publishes Legend Networking & Telecom as victim (ransomware.live)
High: Play ransomware gang publishes MyPillow as victim (ransomware.live)
High: Play ransomware gang publishes De Waard Transport as victim (ransomware.live)
High: Play ransomware claims Zuther Hautmann as victim (ransomware.live)
High: Play ransomware gang publishes Infoworld Membership Systems as victim (ransomware.live)
High: Play ransomware claims Town Car International as victim (ransomware.live)
High: Play ransomware claims Northern Mechanical Contractors victim (ransomware.live)
High: Play ransomware gang publishes ACC Construction as victim (ransomware.live)
High: Play ransomware publishes IWC Food Service as victim (ransomware.live)
High: Play ransomware group claims Ashcroft Homes as victim (ransomware.live)
High: Play ransomware gang publishes DURAND-WAYLAND as victim (ransomware.live)
Critical: Ransomware Affiliate Campaign Links Play, RansomHub, and DragonForce Groups (The DFIR Report)
High: Time to Ransom is Money: Analyzing Ransomware Deployment Timelines (Huntress Blog)

This page shows data on a 7-day delay.