Play Ransomware Gang Attacks Globalcaja

Play ransomware gang has attacked Globalcaja. Globalcaja confirmed on June 2nd that it suffered a ransomware attack on some of its local systems. Play ransomware gang has claimed responsibility for the incident. Globalcaja, a bank headquartered in Albacete, Spain, reported in a Twitter post that the attack occurred June 1st, prompting the company to initiate security protocols.

Globalcaja claims the attack didn’t compromise any client accounts or agreements, nor did it affect the functioning of its electronic banking platform, Ruralvia. Customers can reportedly still safely conduct their financial operations both online and at ATMs. Globalcaja temporarily disabled certain office workstations to contain the breach and limit impacts.

About Play Ransomware

Play ransomware (aka PlayCrypt) is a newer ransomware group that emerged in the summer of 2022 with high-profile attacks on the City of Oakland, Argentina's Judiciary and German hotel chain H-Hotels. Play has similarities to Hive ransomware and is known to leverage tools like Cobalt Strike for post-compromise lateral movement and SystemBC RAT for persistence, as well as Mimikatz and living-off-the-land binaries (LOLBins) techniques. There is little information on how much Play demands for a ransom, but they have thus far made good on their threats to leak the data of those who refuse payment.