Play Ransomware Hit 900 Victims, FBI Says in Warning

The Play ransomware group has compromised approximately 900 organizations worldwide as of May 2025, according to an updated joint advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Cyber Security Centre. The figure marks a threefold increase compared to the number of victims reported in October 2023, underscoring the gang’s accelerating activity.

The advisory, which builds on previous threat intelligence, highlights that the ransomware group has targeted a broad range of organizations, including critical infrastructure sectors. The FBI did not specify which sectors or regions were most affected but emphasized the scale and pace of the intrusions.

Play ransomware has become one of the more prolific cybercriminal groups, leveraging encryption and data theft to extort victims. Authorities continue to urge organizations to bolster defenses, implement incident response plans, and report intrusions to law enforcement promptly to mitigate further impact.