Ransomware Attack Disrupts Plaisted Companies Operations
Ransomware Attack on Plaisted Companies by PLAY Ransomware Group
Plaisted Companies, a well-established supplier of sand, gravel, and other aggregate materials based in Elk River, Minnesota, has recently fallen victim to a ransomware attack orchestrated by the PLAY ransomware group. The attack has raised significant concerns within the construction and landscaping sectors, given the company's prominent role and extensive client base.
About Plaisted Companies
Founded in 1990 by Todd Plaisted, Plaisted Companies has grown to become a key player in the construction and landscaping industries. The company specializes in providing a wide range of aggregate materials, including sand, gravel, engineered soils, and horticultural products. Their offerings cater to both residential and commercial clients, with a strong emphasis on quality and customer service. The company operates with an estimated annual revenue of approximately $18 million and is known for its innovative solutions, such as the Accublender™ system introduced in 1995.
Attack Overview
The PLAY ransomware group has claimed responsibility for the attack on Plaisted Companies, threatening to publish the compromised data on September 24. The stolen data reportedly includes private and personal confidential information, client documents, budget details, payroll records, accounting information, contracts, tax documents, identification details, and financial information. This breach has the potential to cause significant disruption to the company's operations and damage its reputation.
About PLAY Ransomware Group
The PLAY ransomware group, also known as PlayCrypt, has been active since June 2022. Initially targeting Latin America, the group has expanded its operations to North America, South America, and Europe. PLAY ransomware is known for targeting a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group employs various methods to gain entry into networks, such as exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities.
Penetration Methods
PLAY ransomware uses a combination of scheduled tasks, PsExec, and Group Policy Objects (GPOs) to execute its code and maintain persistence on compromised systems. The group also utilizes tools like Mimikatz for privilege escalation and employs defense evasion techniques to disable antimalware and monitoring solutions. Custom tools are used to enumerate users and computers on the network and copy files from the Volume Shadow Copy Service (VSS).
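The behaviours listed above are individually common in routine administration, so a practical detection correlates them per host rather than alerting on each one. The following is an added example, not code from the original article or from any vendor: it scores constructed Windows events for several of those behaviours occurring close together. The event IDs (7045, 4698, 5136, 5001, 4688) are standard Windows ones; the field names, the window and the threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# One rule per behaviour named in the paragraph above. Event IDs are standard
# Windows ones; the field names are an assumed normalised schema.
RULES = {
    "psexec_service": lambda e: e["id"] == 7045 and "psexesvc" in e.get("service", "").lower(),
    "scheduled_task_created": lambda e: e["id"] == 4698,
    "gpo_modified": lambda e: e["id"] == 5136 and e.get("object_class") == "groupPolicyContainer",
    # 5001 is read from the Windows Defender operational channel only.
    "defender_rtp_disabled": lambda e: e["id"] == 5001 and e.get("channel") == "Defender",
    # 4688 carries a command line only when command-line auditing is enabled.
    "shadow_copy_path_access": lambda e: e["id"] == 4688
        and "harddiskvolumeshadowcopy" in e.get("cmdline", "").lower(),
}

def classify(event):
    """Names of the behaviours a single event matches."""
    return [name for name, match in RULES.items() if match(event)]

def correlate(events, window=timedelta(hours=1), threshold=3):
    """Hosts showing >= threshold distinct behaviours within one window."""
    hits = defaultdict(list)
    for e in events:
        for name in classify(e):
            hits[e["host"]].append((datetime.fromisoformat(e["time"]), name))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            names = {n for t, n in seen[i:] if t - start <= window}
            if len(names) >= threshold:
                alerts[host] = sorted(names)
                break
    return alerts

# Constructed sample events (not taken from the incident).
SAMPLE = [
    {"host": "FS01", "time": "2030-01-10T02:10:00", "id": 7045, "service": "PSEXESVC"},
    {"host": "FS01", "time": "2030-01-10T02:14:00", "id": 4698, "task": "\\Updater"},
    {"host": "FS01", "time": "2030-01-10T02:31:00", "id": 5001, "channel": "Defender"},
    {"host": "FS01", "time": "2030-01-10T02:40:00", "id": 4688,
     "cmdline": r"tool.exe \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\data"},
    {"host": "WS07", "time": "2030-01-10T09:00:00", "id": 4698, "task": "\\BackupJob"},
    {"host": "APP02", "time": "2030-01-10T08:00:00", "id": 7045, "service": "PSEXESVC"},
    {"host": "APP02", "time": "2030-01-12T08:00:00", "id": 4698, "task": "\\Patch"},
    {"host": "APP02", "time": "2030-01-14T08:00:00", "id": 5001, "channel": "Defender"},
]

if __name__ == "__main__":
    for host, names in correlate(SAMPLE).items():
        print(host, names)
```

Only FS01 is flagged in the sample: WS07 shows a single scheduled task, and APP02 shows three behaviours spread over several days, outside the one-hour window.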
Vulnerabilities and Impact
Plaisted Companies' extensive digital footprint and reliance on networked systems for operations and customer service make it a prime target for ransomware attacks. The company's commitment to quality and innovation, while beneficial, also means that any disruption can have far-reaching consequences. The attack by the PLAY ransomware group underscores the importance of stringent cybersecurity measures, especially for companies in critical sectors like construction and landscaping.