<<< Hide Navigation Hide TOC >>>
Playcrypt - S1162 (28ad4983-151e-4e30-9792-768470e92b3e)
Playcrypt is a ransomware that has been used by Play since at least 2022 in attacks against against the business, government, critical infrastructure, healthcare, and media sectors in North America, South America, and Europe. Playcrypt derives its name from adding the .play extension to encrypted files and has overlap with tactics and tools associated with Hive and Nokoyawa ransomware and infrastructure associated with Quantum ransomware.(Citation: Microsoft PlayCrypt August 2022)(Citation: CISA Play Ransomware Advisory December 2023)(Citation: Trend Micro Ransomware Spotlight Play July 2023)
Cluster A![]() |
Galaxy A![]() |
Cluster B![]() |
Galaxy B![]() |
Level![]() |
---|---|---|---|---|
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | Playcrypt - S1162 (28ad4983-151e-4e30-9792-768470e92b3e) | Malware | 1 |
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | Playcrypt - S1162 (28ad4983-151e-4e30-9792-768470e92b3e) | Malware | 1 |
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | Playcrypt - S1162 (28ad4983-151e-4e30-9792-768470e92b3e) | Malware | 1 |