The Play ransomware group has impacted around 300 entities as of October 2023, according to joint cybersecurity advisory from Australia and the U.S. Play ransomware employs a double-extortion model, encrypting systems after stealing data and affecting both domestic and international businesses. Threat actors are increasingly exploiting vulnerabilities and moving away from using phishing emails to infect systems. The Play ransomware has transformed into a ransomware-as-a-service (RaaS) operation and uses both public and bespoke tools for attacks.
Hamilton’s city manager predicts the city will come out stronger following a cyber incident. The city has implemented new cybersecurity measures and believes the incident