Play Ransomware (Deprecated) (aeafc9f4-e3b4-42ec-a156-4a05f1aa5ea3)
We are no longer maintaining this object in favor of a similar object subsequently published by MITRE: "Playcrypt" (Software). All relevant Tidal content extensions (e.g. additional Technique and Object relationships and metadata) have been added to the MITRE-authored object.
Play is a ransomware operation first observed in July 2022. Security researchers have observed filename, filepath, and TTP overlaps between Play and Hive and Nokayawa ransomwares, which themselves are believed to be linked.[Trend Micro Play Playbook September 06 2022] According to publicly available ransomware extortion threat data, Play has claimed nearly 200 victims from a wide range of sectors on its data leak site since December 2022.[GitHub ransomwatch]