Play Ransomware Group Targets Celluphone, Inc., Compromising Sensitive Data

Incident Date: Jun 13, 2024

Attack Overview

Victim: Celluphone, Inc.
Industry: Telecommunications
Location: USA
Attacker: Play
First Reported: June 13, 2024

Ransomware Attack on Celluphone, Inc. by Play Ransomware Group

Overview of Celluphone, Inc.

Celluphone, Inc., based in Cerritos, California, is a prominent wholesale distributor of wireless equipment. Founded in 1983, the company has established itself as a master agent for various wireless carriers, facilitating the distribution of smartphones, tablets, and accessories to retailers. With an annual revenue of $145.5 million and a workforce of 42 employees, Celluphone supports several hundred active dealers across the United States. The company is renowned for its comprehensive support services, including sales training, marketing support, and technical assistance.

Details of the Ransomware Attack

Celluphone, Inc. recently fell victim to a ransomware attack orchestrated by the Play ransomware group. The attack resulted in the compromise of sensitive data, including private and personal confidential information, client documents, budget details, payroll records, accounting data, contracts, tax information, IDs, and financial records. The breach was publicly claimed by the Play group on their dark web leak site, highlighting the severity of the incident.

About the Play Ransomware Group

The Play ransomware group is a significant player in the cybercrime landscape, known for targeting Linux systems. Originating from the Babuk code, Play ransomware has evolved to deploy cryptographic lockers, focusing on ESXi environments. The group is operated by Ransom House and has been active since 2021. Play ransomware is characterized by its unique verbose ransom notes and the use of various hack tools and utilities to achieve initial access and maintain persistence within compromised networks.

Potential Vulnerabilities and Attack Penetration

Celluphone's role as a master agent in the telecommunications sector involves handling vast amounts of sensitive data, making it an attractive target for ransomware groups. The Play ransomware group likely exploited vulnerabilities in Celluphone's network security, potentially through phishing attacks, unpatched software, or weak access controls. The group's sophisticated tactics, including the use of AnyDesk, NetCat, and encoded PowerShell Empire scripts, suggest a well-coordinated effort to infiltrate and compromise Celluphone's systems.
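The paragraph above names three pieces of tooling a defender can look for in endpoint telemetry: a remote-access client (AnyDesk), a raw network utility (NetCat), and PowerShell launched with a base64-encoded command. The following Python script is an added illustration written for this page, not code from Halcyon or from any incident response; the process-creation events it scans are constructed samples, and the field names (host, image, command_line) are assumptions about a generic EDR export. It decodes any -EncodedCommand payload (base64 over UTF-16LE text) so an analyst sees what was actually run, and flags the two tool binaries by image name.

```python
import base64
import ntpath
import re
from typing import Dict, List, Optional

# powershell.exe accepts any unambiguous prefix of -EncodedCommand; the common
# short forms are listed here. The payload must be base64 of UTF-16LE text.
_ENCODED_FLAG = re.compile(
    r"(?i)(?:^|\s)[-/](?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})"
)
_POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Tools named on the page. Matching on the image basename is a starting point;
# renamed binaries need hash- or behaviour-based rules as well.
_REMOTE_ACCESS = {"anydesk.exe"}
_NETWORK_UTILS = {"nc.exe", "ncat.exe", "netcat.exe"}


def encode_powershell(command: str) -> str:
    """Build an -EncodedCommand payload the way PowerShell expects it (used for sample data)."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(b64: str) -> Optional[str]:
    """Decode an -EncodedCommand payload; None if it is not valid base64/UTF-16LE."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return None
    if len(raw) % 2:
        return None
    return raw.decode("utf-16-le", errors="replace")


def analyze_event(event: Dict[str, str]) -> List[Dict[str, Optional[str]]]:
    """Return zero or more findings for one process-creation event."""
    findings: List[Dict[str, Optional[str]]] = []
    image = ntpath.basename(event.get("image", "")).lower()
    cmdline = event.get("command_line", "")

    if image in _POWERSHELL:
        match = _ENCODED_FLAG.search(cmdline)
        if match:
            findings.append({
                "host": event.get("host"),
                "rule": "encoded_powershell",
                "decoded": decode_encoded_command(match.group(1)),
            })
    if image in _REMOTE_ACCESS:
        findings.append({"host": event.get("host"), "rule": "remote_access_tool", "decoded": None})
    if image in _NETWORK_UTILS:
        findings.append({"host": event.get("host"), "rule": "network_utility", "decoded": None})
    return findings


def analyze_events(events: List[Dict[str, str]]) -> List[Dict[str, Optional[str]]]:
    """Run analyze_event over an export and concatenate the findings."""
    return [f for e in events for f in analyze_event(e)]


# Constructed sample events (hypothetical hosts and paths, not from the incident).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "ws01",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoP -W Hidden -Enc " + encode_powershell("Get-Date")},
    {"host": "ws02",
     "image": r"C:\Users\user\AppData\Roaming\AnyDesk\AnyDesk.exe",
     "command_line": "AnyDesk.exe --silent"},
    {"host": "srv01",
     "image": r"C:\Temp\nc.exe",
     "command_line": "nc.exe -lvp 4444"},
    {"host": "ws03",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -Command Get-Date"},   # plain command, not flagged
    {"host": "ws04",
     "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe C:\\Temp\\notes.txt"},
]

if __name__ == "__main__":
    for finding in analyze_events(SAMPLE_EVENTS):
        print(finding)
```

The decoded text is the part worth keeping in the alert: the base64 blob itself tells an analyst nothing, while the plaintext shows whether the script is an admin one-liner or a stager. Unencoded PowerShell is deliberately not flagged here, since that rule would drown in administrative noise.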
