By Isabel Pancake
So far, the Russian hacker group “Play Ransomware” has almost exclusively been known to carry out attacks in Switzerland – now it is also targeting Germany with KaDeWe! But who are the cyber criminals?
The name of the group is derived from the file extension “.play”. This encrypts the data of the hacking victims.
“Play” appeared for the first time in 2022: At that time they attacked the Argentine justice system in Córdoba. In March of this year, the hackers attacked the Swiss media companies “CH-Media” and “Neue Zürcher Zeitung” (NZZ) and demanded a ransom for the data!
Because the NZZ did not respond to the demands, the perpetrators published the skimmed data – in the anonymous part of the Internet, the Darknet. This approach is known as a “ransomware attack”.
The internet criminals also targeted the western Swiss community of Saxon in April. The so-called guardianship authority was attacked.
In May, even the Swiss federal administration and several police authorities fell victim to the hackers. However, the perpetrators proceeded differently: They obtained the sensitive data through an attack on the IT service provider “X-Plain” and published it on the darknet.