Ransomware Attack on 21st Century Energy Group by Play Ransomware: Data Breach Details
Ransomware Attack on The 21st Century Energy Group by Play Ransomware Group
Company Overview
The 21st Century Energy Group is a prominent provider of residential and commercial energy products and services in the northeastern United States. The company offers a range of fuels, including heating oil, propane, kerosene, diesel fuel, and gasoline. Additionally, they provide heating and cooling equipment installation, maintenance, and repair services. With a strong focus on customer service, the company ensures timely delivery, competitive pricing, and personalized service plans. The company operates seven delivery centers, with Reed Oil Company in New Castle serving as the headquarters.
Attack Overview
On July 11, 2024, The 21st Century Energy Group fell victim to a ransomware attack orchestrated by the Play ransomware group. The attack led to a significant data breach, compromising a wide array of sensitive information, including private and personal confidential details, client documents, budget reports, payroll data, accounting records, contracts, tax documents, identification documents, and financial information. This breach poses serious privacy and security risks to both the company and its clients, encompassing residential and commercial sectors.
About Play Ransomware Group
The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange, among others, to gain initial access to networks.
Penetration and Impact
Play ransomware employs various methods to penetrate systems, including exploiting RDP servers and FortiOS vulnerabilities, using valid accounts, and leveraging Microsoft Exchange vulnerabilities. Once inside, the ransomware executes its code using scheduled tasks and PsExec, maintains persistence, and escalates privileges using tools like Mimikatz. The group also disables antimalware and monitoring solutions to evade detection. The attack on The 21st Century Energy Group highlights the vulnerabilities in the company's cybersecurity infrastructure, making it a target for sophisticated threat actors like Play ransomware.
Company Vulnerabilities
The 21st Century Energy Group's reliance on digital infrastructure for account management, online ordering, and customer support may have contributed to its vulnerability. The company's extensive operations and the critical nature of its services make it an attractive target for ransomware groups seeking to cause widespread disruption and demand significant ransoms.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!