Play Ransomware Strikes Hive Power Engineering Firm
Ransomware Attack on Hive Power Engineering: A Closer Look
On November 20, Hive Power Engineering LLC (HPE), a specialized engineering firm based in Allentown, Pennsylvania, became the latest victim of a ransomware attack orchestrated by the notorious Play ransomware group. HPE, known for its engineering design and consulting services in the Transmission and Distribution sector, has built a reputation for delivering high-quality, client-centric solutions. Despite its small size, with approximately 9 to 15 employees, the company has established itself as a reliable partner for utilities and developers in the energy sector.
Company Profile and Vulnerabilities
Hive Power Engineering's expertise lies in substation design, protection and control systems, and comprehensive power system studies. The firm's agility and innovative approach are enhanced by its small, collaborative team structure, which allows for rapid decision-making. The flip side of that size is security capacity: a firm with a dozen or so staff typically lacks the dedicated security personnel, monitoring, and patch management of larger organizations, and that gap, not the agility itself, is what makes such companies attractive targets for organized groups like Play.
Attack Overview
The Play ransomware group, known for its technical sophistication and targeted campaigns, claimed responsibility for the attack on HPE and says the stolen data includes client documents, budget details, payroll information, and financial records. The full extent of the exfiltration, whether systems were also encrypted, and the impact on HPE's operations remain unclear.
About Play Ransomware Group
Emerging in June 2022, Play ransomware has distinguished itself through its closed operational structure and techniques such as intermittent encryption. Rather than encrypting whole files, the malware encrypts only portions of each file. That makes encryption faster, so the actors can finish before defenders respond, and it leaves each file looking less like ciphertext overall, which blunts detection heuristics based on whole-file entropy or the volume of data rewritten. Play's focus on high-value sectors and its reported collaboration with APT45, a North Korean state-sponsored group, highlight its strategic approach to exploiting cybersecurity gaps. The group often gains initial access through known vulnerabilities such as ProxyNotShell in Microsoft Exchange and authentication bypass flaws in VPN appliances, so for a firm of HPE's size the most practical defenses are prompt patching of internet-facing Exchange and VPN systems and MFA on all remote access.
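To make the detection point concrete, the following is an added illustration written for this page; it is not code from Halcyon, from the Play operators, or from any sample. It simulates the entropy profile that alternating-chunk encryption leaves behind and compares a whole-file entropy check, which misses it, with a per-chunk profile, which flags it. Random bytes stand in for ciphertext (no cipher is implemented), and the chunk size, thresholds and sample "document" are constructed choices for the demo, not Play's real parameters.

```python
"""Entropy-profile check for intermittently encrypted files (added illustration)."""
from __future__ import annotations

import math
import os
from collections import Counter

# Constructed parameters for the demo; not taken from any real ransomware sample.
CHUNK = 4096          # chunk size the simulated encryptor alternates over
HIGH = 7.5            # bits/byte at or above which a chunk looks like ciphertext
LOW = 6.0             # bits/byte at or below which a chunk looks like ordinary data

# Constructed low-entropy "document": repeated engineering text, exactly 8 chunks long.
_LINE = b"Substation 3 relay settings: bus 1, 138 kV, CT ratio 1200:5.\n"
SAMPLE_PLAIN = (_LINE * (8 * CHUNK // len(_LINE) + 1))[: 8 * CHUNK]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty/constant data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk_size: int = CHUNK) -> list[float]:
    """Entropy of each fixed-size slice of the file, in file order."""
    return [shannon_entropy(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]


def simulate_intermittent_encryption(plaintext: bytes, chunk_size: int = CHUNK) -> bytes:
    """Replace every other chunk with random bytes as a stand-in for ciphertext.

    This is not a cipher and cannot be reversed; it only reproduces the
    high/low entropy alternation that partial-file encryption leaves behind.
    """
    out = bytearray(plaintext)
    for start in range(0, len(out), 2 * chunk_size):
        end = min(start + chunk_size, len(out))
        out[start:end] = os.urandom(end - start)
    return bytes(out)


def simulate_full_encryption(plaintext: bytes) -> bytes:
    """Stand-in for a fully encrypted file: same length, all random bytes."""
    return os.urandom(len(plaintext))


def whole_file_verdict(data: bytes, high: float = HIGH) -> str:
    """Naive check: a single entropy number for the whole file."""
    return "encrypted" if shannon_entropy(data) >= high else "plain"


def chunk_profile_verdict(data: bytes, chunk_size: int = CHUNK,
                          high: float = HIGH, low: float = LOW) -> str:
    """Per-chunk check: a file mixing ciphertext-like and ordinary chunks is
    flagged even though its whole-file entropy stays moderate."""
    ents = chunk_entropies(data, chunk_size)
    if not ents:
        return "empty"
    n_high = sum(1 for e in ents if e >= high)
    n_low = sum(1 for e in ents if e <= low)
    if n_high == len(ents):
        return "fully-encrypted"
    if n_high and n_low:
        return "intermittently-encrypted"
    return "plain"


if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN),
                        ("full", simulate_full_encryption(SAMPLE_PLAIN)),
                        ("intermittent", simulate_intermittent_encryption(SAMPLE_PLAIN))):
        print(f"{label:13s} whole-file={shannon_entropy(blob):.2f} "
              f"-> {whole_file_verdict(blob)!r}, per-chunk -> {chunk_profile_verdict(blob)!r}")
```

Run it as a script and the intermittently encrypted buffer comes out with a whole-file entropy near 7 bits per byte, under the ciphertext threshold, while half its chunks sit near 8 and the other half near 4. A detector that samples entropy in fixed windows, or that watches for a process rewriting alternating regions of many files, catches this pattern; one that scores each file once on total entropy or total bytes written does not. Thresholds such as 7.5 and 6.0 need tuning against real data, since compressed archives and media already sit near 8 bits per byte.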