Play Ransomware Hits Omicron Granite & Tile, Exposing Client Data

Incident Date: Aug 29, 2024

Attack Overview

Victim: Omicron Granite & Tile
Industry: Construction
Location: USA
Attacker: Play
First Reported: August 29, 2024

Ransomware Attack on Omicron Granite & Tile by Play Ransomware Group

Omicron Granite & Tile, a leading supplier and importer of natural stone products in Florida, has recently been targeted by the Play ransomware group. The attack has compromised sensitive data, including client documents, contracts, IDs, and financial information, posing significant risks to the company's operations and its clients' privacy.

About Omicron Granite & Tile

Established in 2000, Omicron Granite & Tile is the largest wholesale importer of natural stone in Florida. The company specializes in a wide array of materials such as granite, marble, onyx, and travertine. With multiple locations, including Pompano Beach and Fort Myers, Omicron Granite & Tile serves a diverse clientele that includes interior designers, kitchen and bath designers, fabricators, builders, contractors, architects, cabinetmakers, and homeowners. The company also offers services such as countertop installation and custom countertops, ensuring they meet the specific needs of their clients.

Attack Overview

The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack on Omicron Granite & Tile. The group has been active since June 2022 and has targeted a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The attack on Omicron Granite & Tile has compromised private and personal confidential data, including client documents, contracts, IDs, and financial information.

About Play Ransomware Group

The Play ransomware group distinguishes itself by using various methods to gain entry into a network, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group uses tools like Mimikatz to extract high-privilege credentials and escalate privileges. They also employ tools to disable antimalware and monitoring solutions, such as Process Hacker, GMER, and IObit. Unlike typical ransomware groups, Play does not include an initial ransom demand or payment instructions in its ransom notes. Instead, victims are directed to contact the threat actors via email.

Potential Vulnerabilities

Omicron Granite & Tile's extensive operations and large customer base make it a lucrative target for ransomware groups. The company's reliance on digital systems for managing client information, contracts, and financial data could have made it vulnerable to cyberattacks. The Play ransomware group may have penetrated the company's systems through exploited vulnerabilities in RDP servers, FortiOS, or Microsoft Exchange, or by using valid accounts, including VPN accounts that may have been reused or illicitly acquired.
