Argentina's Judiciary of Córdoba has shut down its IT systems and online portal after suffering a ransomware attack, claimed by the new 'PLAY' ransomware operation. The Judiciary confirmed that it has engaged with Microsoft, Cisco and other local specialists to investigate the attack.
It is unknown how PLAY breached the Judiciary's network, but a list of employee email addresses was leaked as part of the Lapsus$ breach of Globant in March. This may have allowed threat actors to conduct a phishing attack to steal credentials. There is no data leak associated with the ransomware gang, nor any indication that data was stolen during the attack.
The Active Protection in Acronis Cyber Protect Cloud detects and blocks ransomware, keeping your data safe from encryption and extortion.