Ransom Attack Exposed Sensitive Data of More Than 60,000 People or Documents
The notorious PLAY Ransomware gang has once again made headlines after the FBI identified them as responsible for targeting over 300 organizations and leaking 65,000 documents from Swiss government authorities.
What’s Happening & Why This Matters
The National Cyber Security Centre (NCSC) has confirmed the data breach, after the Play ransomware group accessed and released sensitive information belonging to various government entities through a technology service provider in May 2023. The group initially released some of the stolen data on June 1st, 2023, demanding ransom for the decryption of files and threatening to expose sensitive information if their demands were not met.
The leaked data includes passwords, personal details, and classified files from entities like the federal department of justice and police, the State Secretariat for Migration, and the Internal IT services associated with the Federal Office of the Police.
t/f Summary: What’s Next
The Swiss government launched an investigation in response to the breach in August 2023, faced with the challenge of deciphering the extent of the cyber incident due to the vast amounts of unstructured data.
The FBI’s report in November 2022 also highlighted the group’s shift towards targeting government networks and selling acquired data to state-funded criminal organizations operating on behalf of adversarial nations such as North Korea, Iran, China, and Russia.