Play attacks Globalcaja
Incident Date:
June 1, 2023
Overview
Title
Play attacks Globalcaja
Victim
Globalcaja
Attacker
Play
Location
First Reported
June 1, 2023
Play Ransomware Gang Attacks Globalcaja
Play ransomware gang has attacked Globalcaja. Globalcaja confirmed on June 2nd that it suffered a ransomware attack on some of its local systems. Play ransomware gang has claimed responsibility for the incident. Globalcaja, a bank headquartered in Albacete, Spain, reported in a Twitter post that the attack occurred June 1st, prompting the company to initiate security protocols.
Globalcaja claims the attack didn’t compromise any client accounts or agreements, nor did it affect the functioning of its electronic banking platform, Ruralvia. Customers can reportedly still safely conduct their financial operations both online and at ATMs. Globalcaja temporarily disabled certain office workstations to contain the breach and limit impacts.
About Play Ransomware
Play ransomware (aka PlayCrypt) is a newer ransomware group that emerged in the summer of 2022 with high-profile attacks on the City of Oakland, Argentina's Judiciary and German hotel chain H-Hotels. Play has similarities to Hive ransomware and is known to leverage tools like Cobalt Strike for post-compromise lateral movement and SystemBC RAT for persistence, as well as Mimikatz and living-off-the-land binaries (LOLBins) techniques. There is little information on how much Play demands for a ransom, but they have thus far made good on their threats to leak the data of those who refuse payment.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.