Lorenz attacks Wes-Tec Inc.
Wes-Tec Inc. Suffers Ransomware Attack by Play Ransomware Group
Wes-Tec Inc., a company specializing in distributed networks and wireless integration services, has been targeted by the Play Ransomware group, as reported on the group's dark web leak site. The company operates in the telecommunications sector, and the attack has resulted in the theft of private and confidential data, including client and employee information.
Company Overview
Wes-Tec Inc. is a company that offers turnkey commercial wireless and public safety integration services to carriers, neutral hosts, venue owners, and developers looking to deploy and/or maintain iDAS, oDAS, and/or small cell systems. The company has completed 1,000 LTE projects and has partnered with SOLiD to bring fully integrated commercial wireless, essential 2-Way Radio, and public safety solutions to Wes-Tec DAS deployments.
Company Size and Industry Standout
Wes-Tec Inc. is a WBENC Certified Company and has been recognized as one of the Top 100 Woman Owned Businesses in California and one of the Top 500 Woman Owned Businesses Nationwide by Diversity Business. The company's expertise in distributed networks and wireless integration services sets it apart in the telecommunications sector.
Vulnerabilities and Targeting
The Play Ransomware group, known for its use of AdFind, a command-line query tool capable of collecting information from Active Directory, gained initial access to Wes-Tec's network through exposed RDP servers and the FortiOS vulnerabilities CVE-2018-13379 and CVE-2020-12812. Once inside the network, the group used living-off-the-land binaries ("lolbins"), Group Policy Objects, scheduled tasks, PsExec, or wmic to distribute executables and gain full access to the internal network.
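For defenders, the tooling named above leaves recognizable process-creation command lines. The following is an added example, not code from the original report: a small triage script that flags AdFind, PsExec, wmic and schtasks activity and escalates hosts where Active Directory reconnaissance appears together with remote execution. The rule names, regular expressions, host names and log records are all constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Rules for the tools named in the report. The patterns are this example's
# assumptions about typical command lines, not signatures from the report.
RULES = [
    ("adfind_ad_recon", re.compile(r"\badfind(\.exe)?\b", re.I)),
    # PsExec pointed at a remote machine (\\HOST)
    ("psexec_remote_exec", re.compile(r"\bpsexec(64)?(\.exe)?\b.*\\\\[\w.-]+", re.I)),
    # wmic starting a process on another node
    ("wmic_remote_process",
     re.compile(r"\bwmic(\.exe)?\b.*/node:\S+.*process\s+call\s+create", re.I)),
    # schtasks creating a task on a remote system (/create and /s in any order)
    ("schtasks_remote_create",
     re.compile(r"\bschtasks(\.exe)?\b(?=.*\s/create\b)(?=.*\s/s\s+\S+)", re.I)),
]

# Constructed process-creation records: (host, user, command line)
SAMPLE_EVENTS = [
    ("WS-014", "jdoe", r'C:\Users\Public\AdFind.exe -f "(objectcategory=computer)"'),
    ("WS-014", "jdoe", r"PsExec.exe \\FS-01 -accepteula -s cmd /c C:\ProgramData\run.bat"),
    ("WS-014", "jdoe", r'wmic /node:"DC-01" process call create "C:\ProgramData\run.bat"'),
    ("WS-022", "asmith", r"wmic os get caption"),
    ("WS-022", "asmith", r"schtasks /query /fo LIST"),
    ("SRV-03", "svc_backup",
     r"schtasks /create /s FS-01 /tn Updater /tr C:\ProgramData\run.bat /sc once /st 23:00"),
]

def detect(events):
    """Return {host: sorted list of rule names that fired on that host}."""
    hits = defaultdict(set)
    for host, _user, cmdline in events:
        for name, pattern in RULES:
            if pattern.search(cmdline):
                hits[host].add(name)
    return {host: sorted(rules) for host, rules in hits.items()}

def escalate(hits):
    """Hosts where AD reconnaissance appears alongside a remote-execution rule."""
    return sorted(host for host, rules in hits.items()
                  if "adfind_ad_recon" in rules and len(rules) > 1)

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for host, rules in found.items():
        print(host, rules)
    print("escalate:", escalate(found))
```

Routine administration also uses PsExec, wmic and schtasks, so single-rule hits are leads to review against known admin accounts rather than confirmed intrusions.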
Mitigation Strategies
To mitigate the risks of ransomware attacks, companies should employ multifactor authentication, apply the least privilege principle, enable logical and physical network segmentation, deploy attack surface management, secure domain controllers, maintain offline and encrypted backups, and track security patches and software/OS updates.
The Play Ransomware group's attack on Wes-Tec Inc. highlights the importance of robust cybersecurity measures in the telecommunications sector. Companies must remain vigilant against ransomware threats and implement comprehensive security strategies to protect their networks and data.