Ransomware Attack Exposes Creative Playthings' Sensitive Data
Ransomware Attack on Creative Playthings by Play Ransomware Group
About Creative Playthings
Creative Playthings, founded in 1951, is a renowned manufacturer of high-quality wooden swing sets and playset accessories. Headquartered in Framingham, Massachusetts, the company has built a strong reputation over seven decades for its commitment to quality and innovation. Employing around 40 people, Creative Playthings reported revenues of approximately $65.7 million. The company is known for pioneering industry advancements such as steel reinforcement plates and nylon bushing swing hangers, which have become standard features in many swing sets.
Attack Overview
Creative Playthings has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. The attackers have compromised a wide array of sensitive data, including private and personal confidential information, client documents, budgetary details, payroll records, accounting files, contracts, tax information, identification documents, and financial data. This breach has exposed critical information, potentially impacting the company's operations and client trust.
About the Play Ransomware Group
The Play ransomware group, also known as PlayCrypt, has been active since June 2022. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group is known for using various methods to gain entry into networks, such as exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities.
Penetration Methods
Play ransomware employs sophisticated techniques to penetrate company systems. They use scheduled tasks and PsExec for execution and persistence, and tools like Mimikatz for privilege escalation. The group also disables antimalware and monitoring solutions using tools such as Process Hacker and GMER. Their custom tools, including Grixba, help in enumerating users and computers on compromised networks and copying files from the Volume Shadow Copy Service.
Impact on Creative Playthings
The ransomware attack on Creative Playthings has exposed critical and sensitive data, which could have severe implications for the company's operations and client trust. Given the company's reputation for quality and innovation, this breach could undermine its market position and customer confidence. The attack highlights the vulnerabilities that even well-established companies face in the evolving landscape of cyber threats.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!