Baskervill Design Firm Hit by Play Ransomware Group in Cyber Attack
Ransomware Attack on Baskervill by Play Ransomware Group
Baskervill, a multifaceted design firm based in Richmond, Virginia, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. The attack, discovered on September 17, highlights the increasing threat of ransomware attacks on critical sectors, including architecture and design.
About Baskervill
Baskervill is a renowned architectural firm with a legacy dating back to 1897. The company specializes in architecture, interior design, and MEP (Mechanical, Electrical, and Plumbing) engineering services. With approximately 100 professionals, Baskervill operates multiple offices and has an estimated annual revenue of $23.7 million. The firm is known for its collaborative approach to design, encapsulated in their motto: "Ask. Listen. Create." Their portfolio includes diverse projects such as The Shockoe Project, Beaches Negril, VIMS Chesapeake Bay Hall, and the VCU College of Engineering Research Building.
Attack Overview
The Play ransomware group claimed responsibility for the attack on Baskervill via its dark web leak site. The exact size of the data leak remains unknown, but the incident underscores that even well-established firms are exposed. Baskervill's collaborative model and close client engagement may also have widened that exposure: such practices involve a great deal of data sharing and external communication, channels that threat actors commonly abuse.
About Play Ransomware Group
The Play ransomware group, also known as PlayCrypt, has been active since June 2022. Initially focused on Latin America, the group has expanded its operations to North America, South America, and Europe. It has targeted a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. Play is notable for the variety of methods it uses to gain initial access, such as exploiting exposed RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. Once inside, the group uses tools like Mimikatz for privilege escalation and custom tools for network enumeration and data theft.
Penetration Methods
Play likely gained access to Baskervill's systems by exploiting known vulnerabilities and abusing valid accounts, consistent with its established tradecraft. The group is known to use scheduled tasks and PsExec for execution and persistence, and to deploy tools that disable antimalware and monitoring solutions. The attack on Baskervill is a stark reminder of the importance of stringent cybersecurity measures, especially for firms that handle sensitive client data and rely on extensive collaborative processes.
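As an added illustration (not part of the original post and not Halcyon's or Play's code), the following Python snippet triages Windows event records for the techniques named above, PsExec service installs, scheduled-task creation and real-time antivirus being disabled, and escalates severity when they co-occur on one host. The event IDs are standard Windows IDs; the host names and the sample events are constructed.

```python
from collections import defaultdict
from typing import Optional

# Standard Windows event IDs: 7045 = new service installed (System log),
# 4698 = scheduled task created (Security log), 5001 = Defender real-time
# protection disabled (Windows Defender/Operational log).
# PSEXESVC is the service name PsExec registers on the remote host.
PSEXEC_SERVICE = "PSEXESVC"

def classify_event(ev: dict) -> Optional[str]:
    """Map one event record to a technique label, or None if not of interest."""
    eid = ev.get("EventID")
    if eid == 7045 and ev.get("ServiceName", "").upper() == PSEXEC_SERVICE:
        return "psexec_service_install"
    if eid == 4698:
        return "scheduled_task_created"
    if eid == 5001:
        return "av_realtime_protection_disabled"
    return None

def triage(events: list[dict]) -> dict[str, dict]:
    """Group findings per host; escalate to 'high' when an execution or
    persistence technique co-occurs with defence evasion on the same host."""
    per_host: dict[str, set[str]] = defaultdict(set)
    for ev in events:
        label = classify_event(ev)
        if label:
            per_host[ev["Computer"]].add(label)
    result = {}
    for host, labels in per_host.items():
        evasion = "av_realtime_protection_disabled" in labels
        execution = labels & {"psexec_service_install", "scheduled_task_created"}
        if evasion and execution:
            severity = "high"
        else:
            severity = "medium"  # a single technique still deserves a look
        result[host] = {"techniques": sorted(labels), "severity": severity}
    return result

# Constructed sample telemetry (hypothetical hosts, not logs from the incident).
SAMPLE_EVENTS = [
    {"Computer": "WS01", "EventID": 7045, "ServiceName": "PSEXESVC"},
    {"Computer": "WS01", "EventID": 4698, "TaskName": "\\Updater"},
    {"Computer": "WS01", "EventID": 5001},
    {"Computer": "WS02", "EventID": 4698, "TaskName": "\\Backup"},
    {"Computer": "WS03", "EventID": 4624, "LogonType": 10},
]

if __name__ == "__main__":
    for host, finding in triage(SAMPLE_EVENTS).items():
        print(host, finding)
```

In a real deployment the records would come from a SIEM or Sysmon export rather than an inline list, and the 4698 rule would usually be tuned with an allow-list of known administrative task names.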