Argentina’s Judiciary of Córdoba has shut down its IT systems after suffering a ransomware attack, reportedly as a result of the new ‘Play’ ransomware operation.
In a ‘Cyber-attack Contingency Plan’ shared by Cadena 3, the Judiciary confirmed that it was hit by ransomware and engaged with Microsoft, Cisco, Trend Micro and local specialists to investigate the attack.
Clarín reports that sources said the attack affected the Judiciary’s IT systems and its databases, making it the “worst attack on public institutions in history.”
While the Judiciary has not disclosed details of the attack, journalist Luis Ernest Zegarra tweeted that they were hit by ransomware that appends the “.Play” extension to encrypted files.
This extension is associated with the new ‘Play’ ransomware operation that launched in June 2022, when victims began describing their attacks in the BleepingComputer forums.
As with all ransomware operations, the threat actors compromise a network and encrypt its devices. When encrypting files, the ransomware appends the .PLAY extension.
It is unknown how Play breached the Judiciary’s network, but a list of employee email addresses was leaked as part of the Lapsus$ breach of Globant in March, which may have allowed threat actors to conduct a phishing attack to steal credentials.
This is not the first time a government agency in Argentina has suffered a ransomware attack. In September 2020, the Netwalker ransomware gang attacked the Dirección Nacional de Migraciones and demanded a $4 million ransom.