
Play Ransomware

The Play Ransomware is a threat designed exclusively to lock the data of its victims. The cryptographic algorithm it uses is strong enough to make restoring the affected files practically impossible without the necessary decryption keys. The operators of this malware typically try to extort money from victims in exchange for a decryption tool.

The Play threat follows the established ransomware behavior. It marks each encrypted file by appending a new file extension to that file's original name. Affected users will notice that nearly all of their documents, photos, images, archives, databases, and more now have '.PLAY' attached to their names. After locking all targeted file types on the system, the threat drops a text file named 'ReadMe.txt' on the device's desktop.

Unfortunately, the note left by the threat contains barely any information. It doesn't mention the amount of the ransom demanded by the attackers, whether they are willing to unlock any files for free as a demonstration, what the accepted payment methods are, etc. Instead, the supposed ransom note consists simply of the threat's name - 'PLAY,' and an email address - ''. Users should keep in mind that different versions of Play Ransomware may use different emails as communication channels.
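The two indicators described above (the appended '.PLAY' extension and a sparse 'ReadMe.txt' holding only the name and an email address) can be checked together during triage. The following is an added example, not part of the original entry; the function names, the five-line limit on the note, and the sample tree with its placeholder address are assumptions made for illustration.

```python
import os
import re
import tempfile

EXT = ".play"             # extension the page reports, compared case-insensitively
NOTE_NAME = "readme.txt"  # note file name from the page, compared case-insensitively
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAX_NOTE_LINES = 5        # assumption: the note is only a name and an address

def note_matches(path):
    """True if the file is a sparse note: a line reading PLAY plus an email address."""
    try:
        with open(path, "r", errors="replace") as fh:
            text = fh.read(4096)
    except OSError:
        return False
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    has_name = any(ln.upper() == "PLAY" for ln in lines)
    return has_name and bool(EMAIL_RE.search(text)) and len(lines) <= MAX_NOTE_LINES

def triage(root):
    """Walk root; collect files ending in .PLAY and notes matching the description."""
    renamed, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(EXT):
                renamed.append(full)
            elif name.lower() == NOTE_NAME and note_matches(full):
                notes.append(full)
    # Either indicator alone is weak evidence, so both are required.
    return {"renamed": sorted(renamed), "notes": sorted(notes),
            "suspect": bool(renamed and notes)}

def build_sample(root):
    """Create a constructed sample tree (empty files, placeholder address)."""
    for rel in ("Documents/budget.xlsx.PLAY", "Documents/photo.jpg.PLAY",
                "Documents/untouched.txt"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    os.makedirs(os.path.join(root, "Desktop"), exist_ok=True)
    with open(os.path.join(root, "Desktop", "ReadMe.txt"), "w") as fh:
        fh.write("PLAY\nplaceholder@example.invalid\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        print(len(result["renamed"]), "renamed,", len(result["notes"]),
              "note(s), suspect =", result["suspect"])
```

Because different versions may use different email addresses, the check matches the shape of the note rather than a specific address.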

