Updated Guidance on Play Ransomware
CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play ransomware group and provides updated indicators of compromise (IOCs) to enhance threat detection.
Since June 2022, Playcrypt has targeted diverse businesses and critical infrastructure across North America, South America, and Europe, becoming one of the most active ransomware groups in 2024. The FBI has identified approximately 900 entities allegedly exploited by these ransomware actors as of May 2025.
Recommended mitigations include:
- Implementing multifactor authentication;
- Maintaining offline data backups;
- Developing and testing a recovery plan; and
- Keeping all operating systems, software, and firmware updated.
Stay vigilant and take proactive measures to protect your organization.
This product is provided subject to this Notification and this Privacy & Use policy.