Play attacks Globalcaja

Incident Date:

June 1, 2023

World map



Play attacks Globalcaja






Albacete, Spain

, Spain

First Reported

June 1, 2023

Play Ransomware Gang Attacks Globalcaja

Play ransomware gang has attacked Globalcaja. Globalcaja confirmed on June 2nd that it suffered a ransomware attack on some of its local systems. Play ransomware gang has claimed responsibility for the incident. Globalcaja, a bank headquartered in Albacete, Spain, reported in a Twitter post that the attack occurred June 1st, prompting the company to initiate security protocols.

Globalcaja claims the attack didn’t compromise any client accounts or agreements, nor did it affect the functioning of its electronic banking platform, Ruralvia. Customers can reportedly still safely conduct their financial operations both online and at ATMs. Globalcaja temporarily disabled certain office workstations to contain the breach and limit impacts.

About Play Ransomware

Play ransomware (aka PlayCrypt) is a newer ransomware group that emerged in the summer of 2022 with high-profile attacks on the City of Oakland, Argentina's Judiciary and German hotel chain H-Hotels. Play has similarities to Hive ransomware and is known to leverage tools like Cobalt Strike for post-compromise lateral movement and SystemBC RAT for persistence, as well as Mimikatz and living-off-the-land binaries (LOLBins) techniques. There is little information on how much Play demands for a ransom, but they have thus far made good on their threats to leak the data of those who refuse payment.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.