CISA, FBI, and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. The alert outlines newly observed tactics, techniques, and procedures used by the group, along with updated indicators of compromise (IOCs) to help organizations strengthen their threat detection capabilities. Active since June 2022, Playcrypt has rapidly become one of the most active ransomware groups of 2024, targeting a wide range of businesses and critical infrastructure across North and South America, as well as Europe. As of May 2025, the FBI has identified approximately 900 entities compromised by the group’s attacks. To mitigate the threat, organizations are urged to implement multifactor authentication, maintain offline backups, develop and test recovery plans, and keep all operating systems and software up to date. Vigilance and proactive cybersecurity measures remain essential in defending against evolving ransomware threats like Playcrypt. For more details, refer to the updated guidance on Play Ransomware.