"PLAY Ransomware Attack Targets Córdoba-Based Judiciary in Argentina"

Argentina's Córdoba Judiciary has shut down its online portal and IT infrastructure following a ransomware attack allegedly carried out by the new PLAY ransomware operation. The downtime necessitates the filing of formal documents on paper. According to a "Cyberattack Contingency Plan," the Judiciary acknowledged that it had been infected by ransomware and worked with Microsoft, Cisco, Trend Micro, and local experts to investigate the incident. As with all ransomware operations, the threat actors broke into the network and encrypted devices. Before encrypting files, the malware appended the .PLAY extension. The PLAY ransom messages are brief and straightforward, in contrast to most ransomware operations, which leave lengthy ransom notes in order to deliver dire warnings to their victims. The ransom note ReadMe.txt, which contains the word "PLAY" and a contact email address, is written at the root of a hard drive (C:). Notes are created in each folder by other ransomware. This article continues to discuss the ransomware attack faced by the Córdoba Judiciary.

CyberIntelMag reports "PLAY Ransomware Attack Targets Córdoba-Based Judiciary in Argentina"