Ransomware Attack on GDB International by Play Ransomware Group

GDB International, a leading provider of recycling and sustainability solutions, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This incident has compromised a significant amount of sensitive information, posing severe risks to the company's operations and its clients' privacy.

About GDB International

Founded in 1993 and headquartered in New Brunswick, New Jersey, GDB International specializes in recycling various commodities, including plastics, metals, paper, and paints. The company is particularly noted for its expertise in recycling post-consumer plastics and is the largest producer of recycled latex paints globally. With a workforce of approximately 91 to 105 employees, GDB International operates over 2.2 million square feet of distribution and processing space across multiple continents, including North America, Europe, and Asia.

Attack Overview

The Play ransomware group has claimed responsibility for the attack on GDB International via their dark web leak site. The attackers have compromised a wide array of sensitive information, including private and personal confidential data, client documents, budget details, payroll records, accounting information, contracts, tax documents, IDs, and financial data. This breach poses significant risks to the company's operations and its clients' privacy, potentially leading to severe financial and reputational damage.

About Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure.

Attack Methods

Play ransomware employs various methods to gain entry into a network, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group uses tools like Mimikatz for privilege escalation and employs custom tools to enumerate users and computers on a compromised network. They also use tools to disable antimalware and monitoring solutions, making their attacks particularly challenging to detect and mitigate.

Potential Vulnerabilities

GDB International's extensive global operations and the sensitive nature of the data they handle make them a prime target for ransomware attacks. The company's reliance on digital systems for managing its recycling and sustainability solutions could have provided multiple entry points for the attackers. The breach underscores the importance of comprehensive cybersecurity measures, especially for companies handling large volumes of sensitive data.

• GDB International
• SOCRadar - Play Ransomware
• Cyberint - Play Ransomware
• Proven Data - Play Ransomware
• LinkedIn - GDB International