Play Ransomware Hits Gateway Extrusions: Data Compromised
Ransomware Attack on Gateway Extrusions by Play Ransomware Group
Overview of Gateway Extrusions
Gateway Extrusions, Ltd., based in Union, Missouri, is a specialized manufacturer in the aluminum extrusion industry. The company employs approximately 102 individuals and generates an estimated revenue of $23 million. Gateway Extrusions is known for its comprehensive aluminum extrusion services, which include design, production, finishing, and packaging. The company operates 11 extrusion lines running 24 hours a day, five days a week, ensuring high output and efficiency. Their commitment to quality and customer service is evident through stringent quality control measures and customer engagement initiatives.
Details of the Ransomware Attack
Gateway Extrusions recently fell victim to a ransomware attack orchestrated by the Play ransomware group. The breach compromised a significant amount of sensitive information, including private and personal confidential data, client documents, budget details, payroll records, accounting information, contracts, tax documents, IDs, and financial information. This attack has potentially severe implications for the company's operations and the privacy of its clients.
About the Play Ransomware Group
The Play ransomware group, also known as PlayCrypt, has been active since June 2022. Initially targeting Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware is known for targeting a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group employs various methods to gain entry into networks, such as exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. They use tools like Mimikatz for privilege escalation and custom tools for network enumeration and data theft.
Penetration and Impact
The Play ransomware group likely penetrated Gateway Extrusions' systems through vulnerabilities in their network infrastructure. The group uses scheduled tasks, PsExec, and Group Policy Objects to distribute ransomware executables within the internal network. They also employ tools to disable antimalware and monitoring solutions, making it challenging for the company to detect and mitigate the attack. The breach has resulted in the exposure of critical data, posing significant risks to the company's operations and client trust.
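A defender-side check for the distribution pattern described above, as an added example that is not from the original article. It flags one account installing the PsExec service (Windows event 7045, service name PSEXESVC) or creating scheduled tasks (event 4698) on several hosts within a short window, and notes hosts where Microsoft Defender real-time protection was reported disabled (event 5001) beforehand. The log records are constructed, and the JSON field names, the 10-minute window and the three-host threshold are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, not data from this incident. The JSON field names
# are assumptions about how a log forwarder normalises Windows events.
SAMPLE_LOG = """
{"ts": "2024-05-01T02:10:05", "host": "WS-01", "event_id": 5001, "account": "SYSTEM", "detail": "Real-time protection disabled"}
{"ts": "2024-05-01T02:11:30", "host": "WS-01", "event_id": 7045, "account": "svc-deploy", "detail": "PSEXESVC"}
{"ts": "2024-05-01T02:12:02", "host": "WS-02", "event_id": 7045, "account": "svc-deploy", "detail": "PSEXESVC"}
{"ts": "2024-05-01T02:13:45", "host": "FS-01", "event_id": 4698, "account": "svc-deploy", "detail": "Updater"}
{"ts": "2024-05-01T09:00:00", "host": "WS-07", "event_id": 4698, "account": "it-admin", "detail": "PatchScan"}
"""

def is_distribution(ev):
    # 7045 = service installed (PsExec's default service name is PSEXESVC);
    # 4698 = scheduled task created.
    if ev["event_id"] == 7045:
        return "PSEXESVC" in ev["detail"].upper()
    return ev["event_id"] == 4698

def find_fanout(log_text, window=timedelta(minutes=10), min_hosts=3):
    events = [json.loads(l) for l in log_text.splitlines() if l.strip()]
    for ev in events:
        ev["ts"] = datetime.fromisoformat(ev["ts"])
    events.sort(key=lambda e: e["ts"])
    # Earliest "real-time protection disabled" (5001) time seen per host.
    tampered = {e["host"]: e["ts"] for e in reversed(events) if e["event_id"] == 5001}
    by_account = defaultdict(list)
    for ev in filter(is_distribution, events):
        by_account[ev["account"]].append(ev)
    findings = []
    for account, evs in by_account.items():
        for i, first in enumerate(evs):
            burst = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            hosts = sorted({e["host"] for e in burst})
            if len(hosts) >= min_hosts:
                findings.append({
                    "account": account,
                    "hosts": hosts,
                    "start": first["ts"].isoformat(),
                    "av_disabled_before": sorted({e["host"] for e in burst
                        if tampered.get(e["host"], datetime.max) <= e["ts"]}),
                })
                break  # one finding per account is enough for triage
    return findings

if __name__ == "__main__":
    print(find_fanout(SAMPLE_LOG))
```

The single scheduled task created by `it-admin` on one host does not trigger a finding; only the same account touching three or more hosts inside the window does.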