McCody Concrete Hit by Play Ransomware Disrupting Operations
Ransomware Attack on McCody Concrete Products, Inc. by Play Ransomware Group
McCody Concrete Products, Inc., a key player in the construction industry, has recently been targeted by the Play ransomware group. This attack underscores the vulnerabilities faced by companies in the construction sector, which often rely heavily on digital infrastructure for their operations.
About McCody Concrete Products, Inc.
Based in Williston, North Dakota, McCody Concrete Products, Inc. is a comprehensive provider of concrete products and construction services. The company operates across several states, including North Dakota, Montana, South Dakota, Wyoming, Colorado, and Washington. McCody is known for its diverse offerings, which include ready-mix concrete, precast concrete products, and construction supplies. Its commitment to quality and customer responsiveness has made it a standout in the industry. With approximately 40 employees, McCody has grown significantly since its inception in 1999, following the merger of Williston Ready Mix and Williston Precast.
Details of the Ransomware Attack
On October 19, McCody Concrete Products, Inc. fell victim to a ransomware attack orchestrated by the Play ransomware group. The attack targeted the company's digital infrastructure, potentially compromising sensitive data. The exact extent of the data breach remains unclear, but the incident has caused significant operational disruptions. The Play group, known for its sophisticated tactics, has added McCody to its list of victims, highlighting the persistent threat to the construction and manufacturing sectors.
About the Play Ransomware Group
The Play ransomware group, also known as PlayCrypt, emerged in June 2022 and has been responsible for numerous high-profile attacks. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware is distinguished by its use of various methods to gain network access, including exploiting RDP servers and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz for privilege escalation and uses custom tools to maintain persistence on compromised systems.
Potential Vulnerabilities and Attack Methods
McCody's reliance on digital infrastructure for its operations may have made it vulnerable to the Play ransomware group's tactics. The group is known for exploiting vulnerabilities in network systems, such as RDP servers and Microsoft Exchange, to gain unauthorized access. Once inside, the group uses tools to disable security measures and escalate privileges, allowing it to execute its ransomware effectively.