Garvey Flooring America Faces Data Breach by Play Ransomware

Incident Date: Sep 29, 2024

Attack Overview

Victim: Garvey Flooring America
Industry: Retail
Location: USA
Attacker: Play
First Reported: September 29, 2024

Ransomware Attack on Garvey Flooring America by Play Ransomware Group

Garvey Flooring America, a well-established flooring retailer and installer in Pennsylvania, has recently been targeted by the Play ransomware group. This attack has resulted in the unauthorized access and potential exfiltration of sensitive data, posing significant risks to the company's operations and the privacy of its clients and employees.

Company Profile and Industry Standing

Garvey Flooring America, also known as Garvey's Carpet, has been serving the Susquehanna Valley region since 1989. The company operates multiple locations, including Bloomsburg and Northumberland, and offers a wide range of flooring solutions such as carpet, hardwood, laminate, tile, and luxury vinyl tile. Known for its commitment to customer satisfaction and quality service, Garvey's has built a strong reputation in the local community. The company emphasizes expert installation services and personalized customer care, distinguishing itself from larger chains.

Vulnerabilities and Attack Overview

The Play ransomware group, active since June 2022, has claimed responsibility for the attack on Garvey Flooring America. The breach has compromised a variety of sensitive data, including client documents, payroll records, and financial information. The attack highlights vulnerabilities in the company's cybersecurity infrastructure, which may have been exploited via RDP servers, FortiOS vulnerabilities, or Microsoft Exchange vulnerabilities. The Play group is known for its sophisticated attack methods, including the use of custom tools and network scanners to infiltrate and maintain persistence within targeted systems.

Play Ransomware Group's Tactics

The Play ransomware group has distinguished itself by targeting a diverse range of industries and employing advanced techniques to evade detection. The group uses tools like Mimikatz for privilege escalation and employs defense evasion strategies to disable antimalware solutions. Unlike typical ransomware groups, Play does not include an initial ransom demand in its notes, instead directing victims to contact them via email. This approach, combined with their dark web presence, allows them to exert pressure on victims while maintaining anonymity.
