Mill Creek Lumber Hit by Play Ransomware: Impact on Operations and Security

Incident Date: Aug 15, 2024

Attack Overview
Victim: Mill Creek Lumber
Industry: Construction
Location: USA
Attacker: Play
First Reported: August 15, 2024

Ransomware Attack on Mill Creek Lumber by Play Group

Mill Creek Lumber, a prominent supplier of building materials in the construction sector, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This incident underscores the increasing threat of cyberattacks on businesses, particularly those in critical infrastructure sectors.

About Mill Creek Lumber

Mill Creek Lumber is a comprehensive supplier of building materials, specializing in engineered wood products and services tailored for the construction industry. Their offerings include engineered wood beams, joists, and panels, which are designed to meet the needs of both residential and commercial construction projects. The company emphasizes the use of engineered wood, recognized for its strength, durability, and environmental benefits. These products are manufactured from renewable resources, contributing to sustainable building practices.

In addition to supplying materials, Mill Creek Lumber offers technical support and resources for builders and architects. This includes construction guides, installation instructions, and design assistance, ensuring that projects are completed efficiently and to high standards. Their commitment to quality is evident in their collaborations with organizations like the APA – The Engineered Wood Association.

Attack Overview

The ransomware attack on Mill Creek Lumber has significantly impacted the company's operations. The Play ransomware group, also known as PlayCrypt, claimed responsibility for the attack via their dark web leak site. The group has been active since June 2022 and has targeted a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure.

About the Play Ransomware Group

The Play ransomware group initially focused on Latin America but later expanded to North America, South America, and Europe. They use various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz for privilege escalation and uses custom tools to enumerate users and computers on compromised networks.

Play ransomware distinguishes itself by not including an initial ransom demand or payment instructions in its ransom notes. Instead, victims are directed to contact the threat actors via email. The group has impacted over 300 entities, including businesses and critical infrastructure across multiple regions.

Potential Vulnerabilities

Mill Creek Lumber's extensive digital infrastructure, which includes detailed specifications and performance ratings for their products, technical support resources, and collaborations with industry organizations, may have made them a target for threat actors. The company's reliance on digital systems for operations and customer support could have provided multiple entry points for the ransomware group.
