PLAY announced 8 new victims across 4 different countries, the UK, Canada, the US, and Germany. According to the original post, PLAY gave the victims a 3-day deadline to contact them and complete negotiations.
PLAY is a relatively new cybercriminal organization, only been in business for less than 2 years. Despite that, the extortion ring built a solid reputation for itself. This is most likely due to its success and the “guaranteed secrecy” policy.
The hackers won’t publish any sensitive data in their original post, aside from the basic announcement. They also won’t share details regarding the value of the ransom, how much data they’ve stolen, or the type of data in their possession.
Experts theorize that this type of confidentiality has contributed to PLAY’s success over time. Aside from the organization’s impeccable tactics and MOs.
The double-extortion practice also weighs heavily in that sense. This tactic involves encrypting the victim’s files and stealing as much confidential data as is available. The hackers will then have double leverage to use during negotiations.
Also, note that there are no decryption keys for PLAY at the moment.
If you’re a private individual, you’re unlikely to qualify as a viable target for PLAY or any other ransomware group. But if you’re a business owner, you do. So, what should you know about ransomware attacks and about protecting yourself against actors like PLAY?
The most important thing is that prevention is key. Once you’ve been breached, it’s already too late. In this sense, the standard recommendation is to work with cybersecurity experts to strengthen your cyber-defense.
The next thing in line is understanding your value. You need to understand that no defense is impregnable and that you might be breached, despite all your preventive measures. What will you do if that happens?
You need to understand beforehand if it’s worth paying the ransom or whether you can afford to have your data leaked to the public. There is no right answer for everyone; it all depends on your business’s profile and the nature of the leaks.
Overall, experts recommend adopting a no-negotiation policy. Never contact the hackers and never reach any deals. Paying the ransom only guarantees that you’ll be marked as a “payer.” This means that you’ll be targeted again in the future.
Plus, paying the ransom doesn’t guarantee that the hackers will actually delete the data. You have no way of verifying that. In most cases, they either share or sell the trophy data to other cybercriminal groups.
These will end up extorting you again weeks or months later or use the data in even more nefarious ways. But, as we’ve mentioned before, the ultimate decision is up to you.
We believe security online security matters and its our mission to make it a safer place.