threatintel
actor tracker
Play
Compromiseseverity: High2023-02-08

City of Oakland ransomware attack claimed by Play

published by BleepingComputer
Actor
Play?? · UnknownRansomware

Closed-group ransomware operation (no public affiliate program) active since mid-2022, named for the '.play' extension appended to encrypted files. Heavy exploitation of FortiOS SSL-VPN flaws and Mic…

Summary

The City of Oakland, California disclosed a ransomware attack on 10 February 2023 that took most non-emergency municipal systems offline and prompted a local state of emergency. The Play group listed Oakland on its extortion site on 1 March 2023 and subsequently leaked data including employee personal information; the city later settled litigation covering more than 13,000 affected current and former employees.

Tags

municipaldata-extortionus

Primary source

bleepingcomputer.com

Other Play events