Pacific Coast Building Products Hit by Play Ransomware Attack

Incident Date: Sep 20, 2024

Attack Overview
Victim: Pacific Coast Building Products
Industry: Holding Companies & Conglomerates
Location: USA
Attacker: Play
First reported: September 20, 2024

Play Ransomware Group Targets Pacific Coast Building Products

Pacific Coast Building Products, Inc. (PCBP), a prominent player in the wholesale building materials industry, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This breach has resulted in the unauthorized access and potential exfiltration of a wide array of sensitive data, significantly impacting the company's operations and financial stability.

About Pacific Coast Building Products

Founded in 1953 by Fred Anderson in Sacramento, California, PCBP has grown from its origins as Anderson Lumber to become a major holding company in the building materials sector. The company operates through several subsidiaries, including Basalite Building Products, PABCO Building Products, and Pacific Coast Supply, managing over 80 locations across various states such as California, Hawaii, and Oklahoma. Under the leadership of Ryan Lucchetti, who became President and CEO in 2021, PCBP continues to emphasize quality products, exceptional service, and strong relationships.

Attack Overview

The Play ransomware group has claimed responsibility for the attack on PCBP via their dark web leak site. The breach has compromised a wide range of sensitive information, including private and personal confidential data, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data. The extent of the data breach underscores the severity of the attack, affecting both the operational and financial aspects of the company.

About the Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. It targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure.

Attack Methods and Penetration

The Play ransomware group employs various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. Once inside, its operators use tools like Mimikatz for privilege escalation and custom tools to enumerate users and computers on compromised networks. The group is known for its minimalistic ransom notes, which direct victims to contact the operators via email without stating an initial ransom demand.

Vulnerabilities and Impact

PCBP's extensive operations and the diverse range of subsidiaries make it a lucrative target for ransomware groups like Play. The company's reliance on interconnected systems and vast amounts of sensitive data further increases its vulnerability. The breach has not only compromised critical data but also poses a significant threat to the company's reputation and financial health.
