Play Ransomware Gang Attack A Spanish Bank

One of Spain’s largest banking institutions, Globalcaja,  has been hit by a ransomware attack affecting multiple branches. The attack is understood to have been carried out by the Play ransomware group, also known as PlayCrypt. The ransomware’s name is derived from its behaviour, as it adds the extension “.play” after encrypting files. Its ransom note also contains the single word, “PLAY,” along with the ransomware group’s contact email address. 

The ransomware gang is claiming Globalcaja is one of its latest victims and says it has gained access to both private and personal data, as well as numerous client and employee documents. Passport information and confidential contracts were also noted amongst the list of data seized during the incident. The bank has not confirmed that it has paid any ransom.

Globalcaja has nearly half a million customers and the bank provides a wide range of services. It manages a substantial portfolio of consumer loans, totalling over $4.6 billion, and employs approximately 1,000 people. The bank said that it "activated security” protocols designed to mitigate the impact of a potential breach. “From the very beginning, at Globalcaja we activated the security protocols created for this purpose, which led us to disable some office posts and temporarily limit the performance of some operations,” said the bank.  “We continue to work hard to finish normalising the situation and are analysing what happened, prioritising security at all times.”

This attack is the latest in a number of high-profile attacks conducted by the ransomware group, which has become more widely known following a series of high-profile attacks last year.

Play ransomware was used to attack the German hotel chain, H-Hotels and the State of New York Polytechnic college in 2022. This group also hit organisations across Latin America and has a track record of deploying attacks on companies operating in India, Hungary, the Netherlands, and Spain. 

Spanish financial institutions have been a hacking target for a long time, but the country has been dealing with more ransomware incidents in 2023, with one attack hitting a Barcelona hospital crippling a and another bringing down a Spanish fun park company.

Avertium:     Trend Micro:     The Record:     Computing:    Cybernews:    Bleepimg Computer:      ITPro:

You Might Also Read:

Top Six Cyber Secure Countries:
___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 

« XDR vs. SIEM: Do You Need One or Both?
To Succeed With Zero Trust, First Define Success »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cavirin

Cavirin

Cavirin’s Automated Risk Analysis Platform reduces risk and automates security and compliance.

Cipher Tooth

Cipher Tooth

CipherTooth is a superior system for delivering secure content over the Internet.

PSW Group

PSW Group

PSW Group is a full-service Internet solutions provider with a special focus on Internet security.

Ergon Informatik

Ergon Informatik

Ergon Informatik AG is Switzerland's leading provider of customised software solutions and software products including fraud detection and the Airlock web security suite.

ST Engineering

ST Engineering

ST Engineering is a leading provider of trusted and innovative cybersecurity solutions.

Veritas Technologies

Veritas Technologies

Veritas provide industry-leading solutions that cover all platforms with backup and recovery, business continuity, software-defined storage and information governance.

Southwest Research Institute (SwRI)

Southwest Research Institute (SwRI)

Southwest Research Institute SwRI are R&D problem solvers providing independent services to government and industry clients. Areas of expertise include Cybersecurity, Intelligent Networks and IoT.

Open Connectivity Foundation (OCF)

Open Connectivity Foundation (OCF)

OCF is dedicated to ensuring secure interoperability ensuring secure interoperability of IoT for consumers, businesses and industries.

Epiphany Systems

Epiphany Systems

Epiphany enhances your defensive security controls by providing you with an offensive perspective. We expose the most likely attack paths to your most critical IT assets and users.

National Cybersecurity Consortium (NCC) - Canada

National Cybersecurity Consortium (NCC) - Canada

The NCC’s mandate is to keep Canada’s cyber and critical infrastructures and citizens safe while ensuring Canada’s global competitiveness and leadership in cybersecurity.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

Symbol Security

Symbol Security

Through situational learning, simulations, and a gamified user experience, Symbol strengthens the cyber awareness of employees and helps companies lower cyber risk.

National Cybersecurity Alliance

National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.

Cypfer

Cypfer

CYPFER is a global market leader in ransomware post-breach remediation and cyber-attack first response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

US Cyber Games

US Cyber Games

US Cyber Games is committed to inform and inspire the broader community on ways to develop tomorrow’s cybersecurity workforce.