Argentina's Judiciary of Córdoba was forced to take down its IT systems following a ransomware attack allegedly conducted by operators behind the Play ransomware operation.
According to local media, the incident, which occurred on August 13, 2022, impacted the agency’s website, digital services and databases, making it the “worst attack on public institutions in history.”
The Judiciary has confirmed that it has been targeted with ransomware and is now conducting an investigation together with cyber security experts and local authorities.
Although the Judiciary did not share the details of the intrusion, some news media reported that the attack involved a variant of the Play ransomware, first spotted in June 2022.
Like any other ransomware operation, the Play ransomware operators breach target networks and encrypt files, appending the .PLAY extension to them.
It’s not clear at this point how the intruders managed to breach the Judiciary’s systems. One possible explanation could be that they obtained login credentials by phishing the agency’s employees using a list of employee email addresses, which was leaked as part of the Lapsus$ breach of Globant in March.