(844) 627-8267
(844) 627-8267

Sydney engineering firm allegedly hit by Play ransomware attack | #ransomware | #cybercrime

Sydney engineering firm allegedly hit by Play ransomware attack

The Play ransomware gang has threatened to post the data of a Sydney-based engineering firm after claiming to have stolen an unknown amount of the company’s data.

Algorry Zappia & Associates was added to Play’s darknet leak site, with Play stating that the data from the engineering firm will be published on 16 August – presumably if the company refuses to pay a ransom.

The company lists a number of its projects on its website, including multi-level apartment buildings, warehouses, and service stations. Algorry Zappia’s website also hosts a number of online services, including invoice payments, building inspections, and secure documents transfer.

This could easily hint at the kind of data the Play group may well have exfiltrated, and that could be published this week. The group claims to have “private and personal confidential data, clients and employee documents”, as well as financial details.

The Play gang’s earliest operations date back to June 2022, though some of the group’s operations and infrastructure do resemble that of the Nokoyawa and Hive ransomware operators.

Many of the group’s targets are South American, with Argentina’s Judiciary of Cordoba one of the most affected victims. Play targeted the judiciary in August 2022 in what a local news outlet called the “worst attack on public institutions in history”.

The group uses a pair of ProxyNotShell vulnerabilities to gain initial access to Microsoft exchange environments, before elevating access and building persistence on a network. Play leaves a very simple ransomware note, simply sharing the name “play” and an email address to contact for negotiations.

Play’s most recent victims include organisations from the US, Germany, and Canada. The group also recently published the data of Australian adult product distributor AAPD, including client data, employee details, and financial records. The data was added to Play’s leak site on 1 August and subsequently posted on 6 August.

Cyber Security Connect has reached out to Algorry Zappia for comment.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

Sydney engineering firm allegedly hit by Play ransomware attack


cybersecurity logo

Last Updated: 14 August 2023

Published: 14 August 2023

Source link

National Cyber Security