Play Ransomware Hits Omicron Granite & Tile, Exposing Client Data
Ransomware Attack on Omicron Granite & Tile by Play Ransomware Group
Omicron Granite & Tile, a leading supplier and importer of natural stone products in Florida, has recently been targeted by the Play ransomware group. The attack has compromised sensitive data, including client documents, contracts, IDs, and financial information, posing significant risks to the company's operations and its clients' privacy.
About Omicron Granite & Tile
Established in 2000, Omicron Granite & Tile is the largest wholesale importer of natural stone in Florida. The company specializes in a wide array of materials such as granite, marble, onyx, and travertine. With multiple locations, including Pompano Beach and Fort Myers, Omicron Granite & Tile serves a diverse clientele that includes interior designers, kitchen and bath designers, fabricators, builders, contractors, architects, cabinetmakers, and homeowners. The company also offers services such as countertop installation and custom countertops, ensuring they meet the specific needs of their clients.
Attack Overview
The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack on Omicron Granite & Tile. The group has been active since June 2022 and has targeted a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The attack on Omicron Granite & Tile has compromised private and personal confidential data, including client documents, contracts, IDs, and financial information.
About Play Ransomware Group
The Play ransomware group distinguishes itself by using various methods to gain entry into a network, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group uses tools like Mimikatz to extract high-privilege credentials and escalate privileges. They also employ tools to disable antimalware and monitoring solutions, such as Process Hacker, GMER, and IOBit. Unlike typical ransomware groups, Play ransomware does not include an initial ransom demand or payment instructions in its ransom notes. Instead, victims are directed to contact the threat actors via email.
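The tooling named above can be hunted for in process-creation telemetry. The Python example below is an added illustration, not part of the original article or any vendor's detection content. It assumes events that carry a host, a timestamp and an image path, uses keyword patterns derived from the tool names in the text, and raises severity when a credential-access tool and a defense-evasion tool appear on the same host within an assumed 30-minute window. The sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed keyword patterns derived from the tool names in the article.
# File names are trivially changed, so production rules should also match
# on hash, signer or embedded version metadata.
TOOL_ROLES = {
    "mimikatz": "credential_access",
    "processhacker": "defense_evasion",
    "gmer": "defense_evasion",
    "iobit": "defense_evasion",
}
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed sample process-creation events (not real incident data).
SAMPLE_EVENTS = [
    {"host": "FS01", "time": "2024-01-10T02:11:00", "image": r"C:\Users\Public\ProcessHacker.exe"},
    {"host": "FS01", "time": "2024-01-10T02:19:30", "image": r"C:\PerfLogs\mimikatz.exe"},
    {"host": "WS07", "time": "2024-01-10T09:00:00", "image": r"C:\Tools\gmer.exe"},
    {"host": "WS07", "time": "2024-01-10T14:45:00", "image": r"C:\Windows\System32\notepad.exe"},
]

def classify(image):
    """Return the role of a known tool, or None for unrelated processes."""
    name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    for keyword, role in TOOL_ROLES.items():
        if keyword in name:
            return role
    return None

def detect(events):
    """Group tool sightings per host; escalate when two roles co-occur."""
    hits = defaultdict(list)
    for ev in events:
        role = classify(ev["image"])
        if role:
            hits[ev["host"]].append((datetime.fromisoformat(ev["time"]), role, ev["image"]))
    alerts = []
    for host, seen in sorted(hits.items()):
        seen.sort()
        severity = "medium"
        for i, (t1, r1, _) in enumerate(seen):
            for t2, r2, _ in seen[i + 1:]:
                if r1 != r2 and t2 - t1 <= WINDOW:
                    severity = "high"  # credential theft plus defense tampering
        alerts.append({"host": host, "severity": severity, "images": [s[2] for s in seen]})
    return alerts
```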
Potential Vulnerabilities
Omicron Granite & Tile's extensive operations and large customer base make it a lucrative target for ransomware groups. The company's reliance on digital systems for managing client information, contracts, and financial data could have made it vulnerable to cyberattacks. The Play ransomware group may have penetrated the company's systems through exploited vulnerabilities in RDP servers, FortiOS, or Microsoft Exchange, or by using valid accounts, including VPN accounts that may have been reused or illicitly acquired.