1.) A ransomware group known as “Play” has recently issued a concerning statement. They have threatened to release the personal details of more than 8,600 Dallas County employees on the dark web unless their ransom demands are met. To add weight to their threat, the hackers have shared several screenshots that display personal information belonging to employees from various county departments.
The Play ransomware group is not new to the world of cybercrime and has a history of targeting corporate entities, often demanding large sums of money. In this latest incident, they have successfully infiltrated a government department in the early weeks of October and extracted sensitive employee data.
Dallas County’s IT department chose not to comply with the ransom demands, prompting the Play ransomware gang to issue a warning via Telegram. They have threatened to publicly auction the stolen data, which would leave the personal information of over 8,000 employees exposed to social engineering attacks such as phishing.
The exact method by which the “Play” group gained access to the network remains uncertain. However, some reports suggest that the breach occurred when the criminals obtained a staff member’s credentials through a brute force attack.
Dallas County officials have committed to taking all necessary steps to prevent such cyber incidents from recurring. They are closely monitoring the situation with the assistance of forensic experts and have implemented measures to mitigate the risks associated with the attack.
It is important to note that the “Play” group is known for disabling anti-malware solutions on target networks, stealing information, and encrypting files. Their modus operandi is double extortion: they demand payment from victims under the threat of publishing the stolen data. They have a history of exploiting Microsoft Exchange Server vulnerabilities, including the ProxyNotShell and OWASSRF exploit chains, to install malware. This group is not just an information thief; its malware can also function as a data wiper on a simple command from the operator. There are also links between “Play” and now-defunct criminal groups such as Conti and Hive, and its encryption code matches that of the Quantum ransomware group.
2.) In another cyber incident, Stanford University is currently investigating a claim made by the Akira ransomware group on October 27, 2023. According to the claim, the group stole approximately 430 GB of sensitive data, marking another cyberattack on the university. Earlier in the year, the Clop ransomware group disclosed that it had stolen information from Stanford through a server compromise. In 2021, the university fell victim to a digital intrusion when hackers exploited a vulnerability in Accellion FTA to gain access to its servers.
3.) Lastly, the White House is in the process of formulating a policy to share ransomware-related data with its international allies. This policy will encompass information about collected ransoms, attribution of the attacks, and the associated risks. It will also emphasize that victims should refrain from paying ransoms, as such payments encourage criminal activities and do not guarantee the return of decryption keys.