Play Ransomware Gang Attack A Spanish Bank

One of Spain’s largest banking institutions, Globalcaja,  has been hit by a ransomware attack affecting multiple branches. The attack is understood to have been carried out by the Play ransomware group, also known as PlayCrypt. The ransomware’s name is derived from its behaviour, as it adds the extension “.play” after encrypting files. Its ransom note also contains the single word, “PLAY,” along with the ransomware group’s contact email address. 

The ransomware gang is claiming Globalcaja is one of its latest victims and says it has gained access to both private and personal data, as well as numerous client and employee documents. Passport information and confidential contracts were also noted amongst the list of data seized during the incident. The bank has not confirmed that it has paid any ransom.

Globalcaja has nearly half a million customers and the bank provides a wide range of services. It manages a substantial portfolio of consumer loans, totalling over $4.6 billion, and employs approximately 1,000 people. The bank said that it "activated security” protocols designed to mitigate the impact of a potential breach. “From the very beginning, at Globalcaja we activated the security protocols created for this purpose, which led us to disable some office posts and temporarily limit the performance of some operations,” said the bank.  “We continue to work hard to finish normalising the situation and are analysing what happened, prioritising security at all times.”

This attack is the latest in a number of high-profile attacks conducted by the ransomware group, which has become more widely known following a series of high-profile attacks last year.

Play ransomware was used to attack the German hotel chain, H-Hotels and the State of New York Polytechnic college in 2022. This group also hit organisations across Latin America and has a track record of deploying attacks on companies operating in India, Hungary, the Netherlands, and Spain. 

Spanish financial institutions have been a hacking target for a long time, but the country has been dealing with more ransomware incidents in 2023, with one attack hitting a Barcelona hospital crippling a and another bringing down a Spanish fun park company.

Avertium:     Trend Micro:     The Record:     Computing:    Cybernews:    Bleepimg Computer:      ITPro:

You Might Also Read:

Top Six Cyber Secure Countries:
___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 

« XDR vs. SIEM: Do You Need One or Both?
To Succeed With Zero Trust, First Define Success »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Cifas

Cifas

Cifas are leaders in fraud prevention, working closely with UK law enforcement partners.

Seclab

Seclab

Seclab is an innovative player in the protection of industrial systems and critical infrastructure against sophisticated cyber attacks.

Luxembourg Institute of Science & Technology (LIST)

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

Silent Breach

Silent Breach

Silent Breach specializes in network security and digital asset protection. Services include Pentesting, Security Assessments, Incident Detection & Response, Governance Risk & Compliance.

Shape Security

Shape Security

Shape Security provide best-in-class defense against malicious automated cyberattacks on web and mobile applications.

R3

R3

R3 is an enterprise blockchain software firm working with a broad ecosystem of more than 300 participants across multiple industries to develop blockchain applications.

NanoVMs

NanoVMs

NanoVMs is the industry's only unikernel platform available today. NanoVMs runs your applications as secure, isolated virtual machines faster than bare metal installs.

Barikat Cyber Security

Barikat Cyber Security

Barikat is a provider of information security solution and services including security analysis and compliance, security testing, managed security services, incident response and training.

Sparrow

Sparrow

Sparrow specializes in application security testing solutions to cope with new technology trends such as cloud, mobile, and DevSecOps.

Airtel Secure

Airtel Secure

Airtel Secure’s multi-layered, full service cybersecurity offerings are designed to safeguard enterprises against threats of various kinds and origins.

Team Secure

Team Secure

Team Secure provide Enterprise-grade Cyber Security consultancy, managed security services and cyber security staffing services.

Box

Box

Box is the Cloud Content Management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications.

Alset Technologies

Alset Technologies

Alset Technologies provides DASH - a comprehensive solution to DISA STIG (Security Technical Implementation Guide) compliance.

Everfox

Everfox

Everfox (formerly Forcepoint Federal) has been defending the world's most critical data and networks against the most complex cyber threats imaginable for more than 25 years.

Amplifier Security

Amplifier Security

Amplifier Security are on a mission to empower security teams to modernize their practice by connecting the dots between their security stack and their people.

Scinary Cybersecurity

Scinary Cybersecurity

Scinary was founded in 2015 on the premise that cybersecurity should not be limited to just large corporations or large government entities.