Security News > 2023 > January > Rackspace confirms Play ransomware was behind recent cyberattack
Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that took down the company's hosted Microsoft Exchange environments.
While Crowdstrike didn't name the victim in their report, Rackspace officials have revealed in recent local media interviews and emails to BleepingComputer that the OWASSRF exploit was found on its network and Play ransomware was behind last month's ransomware attack.
The Play ransomware operation was first spotted in June 2022, after the first victims began reaching out for help in the BleepingComputer forums.
Since its launch, dozens of victims have uploaded ransom notes and samples to the ID Ransomware platform to identify what ransomware was used to encrypt their files.
Unlike most ransomware operations, Play gang affiliates use email as a negotiation channel and will not provide victims with a link to a Tor negotiations page within ransom notes dropped on encrypted systems.
Recent Play ransomware victims include the German H-Hotels hotel chain, Argentina's Judiciary of Córdoba, and the Belgium city of Antwerp.