Elgin Separation Solutions Hit by Play Ransomware Group Attack

Incident Date: Sep 10, 2024

Attack Overview

Victim: Elgin Separation Solutions
Industry: Manufacturing
Location: USA
Attacker: Play
First reported: September 10, 2024

Elgin Separation Solutions Targeted by Play Ransomware Group

Elgin Separation Solutions, a renowned manufacturer in the liquid/solids separation and waste management sector, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. The attack has led to the unauthorized access and potential exfiltration of sensitive data, posing significant risks to the company and its clients.

About Elgin Separation Solutions

Founded in 1864 in Elgin, Illinois, Elgin Separation Solutions is a leading provider of specialized equipment for industries such as oil and gas, mining, and waste management. The company offers a comprehensive range of products, including vertical and horizontal centrifuges, decanter centrifuges, mobile packaged treatment systems, vibrating screens, and cuttings dryers. Elgin's solutions are designed to enhance material handling and processing efficiency, making them a trusted resource in their field.

Elgin Separation Solutions was acquired by TerraSource Global in January 2023, a move expected to bolster its capabilities and expand its market reach. Despite its long-standing reputation and innovative product offerings, the company has now become a target for cybercriminals.

Details of the Ransomware Attack

The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack on Elgin Separation Solutions. According to the group's claims, the breach compromised a wide array of sensitive data, including private and personal confidential data, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data. The breadth of the data claimed highlights the severity of the attack and its potential ramifications.

About the Play Ransomware Group

Active since June 2022, the Play ransomware group has targeted various industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group gains initial access through exposed RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. Once inside, it uses tools such as Mimikatz for credential theft and privilege escalation, along with custom tools to enumerate users and computers on the compromised network.

Play ransomware is known for its unique approach, including the use of minimalistic ransom notes that direct victims to contact the threat actors via email. The group has impacted over 300 entities globally, making it a significant threat in the cybersecurity landscape.

Potential Vulnerabilities

Elgin Separation Solutions, like many companies in the manufacturing sector, may have been exposed through several common weaknesses: outdated software, insufficient network segmentation, and inadequate protection of remote access points. No specific entry vector has been confirmed for this incident, but weaknesses of this kind are consistent with the Play group's known initial-access methods and are the likely means by which the attackers penetrated the company's systems.
