-
The PLAY ransomware has included US-based gaming organization J&J Gaming among victims of data breach, claiming that it has stolen confidential information belonging to the company.
-
The organization has not yet admitted to the hacking, and there is no confirmation about the data breach, if it occurred.
-
The data breach follows PLAY ransomware’s pattern of targeting several organizations from different industries using the same method.
The PLAY ransomware gang reportedly took responsibility for an attack on J&J Gaming, which is a company in the United States offering gaming and amusement attractions and related services.
PLAY included this company among others in the list of companies whose confidential data they’ve compromised and whose information they’re going to leak unless the victims meet their demands.
So far, this claim is yet to be verified, since there is no other evidence of any attack apart from the listing of the company on the leak website by PLAY. The ransomware group has also not uploaded any files that confirm the extent of the attack.
Meanwhile, J&J Gaming has yet to provide any kind of confirmation that they witnessed a ransomware attack or a data breach. So it’s still unclear as to whether the hackers encrypted the company’s systems, stole data, or whether it affected employees or customers.
Details of the Hackers’ Claims
What PLAY posted on their leak site includes only a short message about the purported hack. Also, they added a deadline; according to the post, the group will publish the data online if J&J refuses to negotiate and pay up by July 7.
The hackers mentioned having obtained confidential data from the company, but did not say anything about the specific files or data size.
There is still no confirmation that hackers accessed any client information, company financial documents, contracts, employee personal data, or other sensitive information. Also, the hacker group didn’t provide any sample files to back their claims.
Thus, many crucial questions remain unanswered. It is not clear if the hackers gained access to the internal systems of the company, whether the hackers copied the data before the alleged hack, or whether there is any negotiation process going on between the company and the hackers.
Ransomware groups typically use leak site listings to signal that they have targeted an organization. Still, cybersecurity specialists warn that people shouldn’t consider claims by criminal organizations accurate unless independent sources or the affected company prove otherwise.
The caution is well-founded; threats targeting gamers and gaming companies have been on the rise, with the FBI recently issuing a warning about a malware campaign targeting Steam users through fake game files.
No Public Statement Issued by the Company
As of June 29, no statement on the reported event has surfaced on J&J Gaming’s official website or social media channels. The customers have not gotten notifications of any data breach, and there are no such filings with the authorities.
In instances where businesses face an attack by ransomware groups, it takes days or even weeks for the organization to investigate the situation and make an announcement to the general public.
Therefore, the absence of information regarding the supposed incident does not signify the breach itself never occurred. It might be that the company has not gathered enough proof to confirm or deny anything.
PLAY is One of the Active Ransomware Groups
PLAY, or PlayCrypt, started operating in 2022 and evolved into one of the active ransomware groups targeting various businesses globally.
This particular ransomware group usually uses a double extortion tactic. Aside from encrypting the files of the victims, this group also tries to steal confidential data. They then demand that the victim pays ransom or else they’ll publish the data online.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and Australian cybersecurity agencies revealed in a joint advisory that by 2025, PLAY had compromised more than 900 organizations worldwide.
PLAY targeted organizations operating in the sphere of healthcare, manufacturing, financial services, government, transportation, education, technology, and consumer services. Alleged breach at J&J Gaming aligns with this trend since this group seems to have no industry preferences.
Furthermore, according to security experts, the PLAY ransomware group uses a range of techniques including the use of stolen credentials, phishing emails, and exploitation of vulnerable internet-facing systems.
