FBI Security Warning: Play Ransomware Hits 900 Organizations, Some Critical

The FBI has announced that the Play ransomware gang has masterminded several sophisticated cyberattacks, which have compromised key security infrastructures in about 900 organizations in Europe, North America, and South America.

The Play ransomware gang, which became infamous for compromising the security infrastructures of businesses and organizations in 2022, is currently on a wild rampage and every business owner should be aware of its antics. What’s alarming about the gang's recent hacking exploits is the notable increase in its attacks. The FBI had reported that the gang compromised 300 victims in 2023, but the recent update reveals that this number has risen to nearly 900 organizations in 2025.

The gang primarily operates by using a ransomware-as-a-service (RaaS) model. Before unleashing RaaS on their victims, the gang typically steals sensitive data and implements a custom VSS copying tool. Unlike other ransomware gangs, however, the Play gang uses email for negotiations.

The Play ransomware gang is similar to the Clop ransomware gang, which has also gained notoriety for compromising the security infrastructures of organizations and causing wide scale data breaches. Both gangs use sophisticated techniques to encrypt and exfiltrate data. Also, they are infamous for demanding ransom and threatening to sell or publish sensitive data on their dark web leak site.

The high success rate and threat posed by the Play gang made it one of the most active ransomware groups in 2024.

If you own a business or head an organization, tips from the joint Cybersecurity Advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) can help protect key systems against the gang’s malicious activities. In the advisory, organizations are reminded to update systems and patch against known zero-day vulnerabilities. Additionally, Emails, VPN and other core systems should be protected with multi-factor authentication.