Ransomware Attack on Congoleum Corporation by Play Ransomware Group
Overview of Congoleum Corporation
Congoleum Corporation, founded in 1886 and headquartered in Mercerville, New Jersey, is a prominent manufacturer of residential and commercial flooring products. The company is known for its innovative designs and extensive product offerings, including over 1,000 combinations of designs and colorations. Congoleum employs approximately 197 individuals and reported an annual revenue of around $106.3 million in 2023. Despite its historical challenges related to asbestos litigation, Congoleum has focused on developing eco-friendly and modern flooring solutions.
Details of the Ransomware Attack
Congoleum recently fell victim to a ransomware attack orchestrated by the Play ransomware group. The attackers compromised and exfiltrated a significant amount of sensitive data, including private and personal confidential information, client documents, budget details, payroll records, accounting files, contracts, tax documents, IDs, and financial information. A portion of this data has already been published online, with threats to release the full dataset if demands are not met. The attackers have made download links for the stolen data available, escalating the urgency for Congoleum to respond.
About the Play Ransomware Group
The Play ransomware group, also known as PlayCrypt, has been active since June 2022. Initially targeting Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware is known for targeting a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group employs various methods to gain entry into networks, such as exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. They use tools like Mimikatz for privilege escalation and custom tools for network enumeration and data exfiltration.
Potential Vulnerabilities and Penetration Methods
The weaknesses the Play ransomware group may have exploited at Congoleum include gaps in network security such as unpatched RDP servers or outdated software. The group is known to use valid accounts, including VPN accounts, which may have been reused or illicitly acquired. Its use of tools to disable antimalware and monitoring solutions could also have facilitated the attack, and its ability to maintain persistence through scheduled tasks and PsExec further underscores the importance of robust cybersecurity measures.
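As an added defender-side example (not from the original post, and not Congoleum's or Halcyon's code), the following Python triage runs over constructed Windows event log lines and flags the three behaviours described above: PsExec service installation, scheduled-task persistence from a user-writable directory, and disabled real-time protection. Event IDs 7045, 4698 and 5001 are standard Windows event IDs; the pipe-delimited line format and the sample messages are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample events in a simplified "EventID|Channel|Message" form.
# These are not real logs from the incident.
SAMPLE_EVENTS = [
    "7045|System|A service was installed in the system. Service Name: PSEXESVC Service File Name: %SystemRoot%\\PSEXESVC.exe",
    "4698|Security|A scheduled task was created. Task Name: \\Updater Command: C:\\Users\\Public\\svc.exe",
    "5001|Microsoft-Windows-Windows Defender/Operational|Real-time protection is disabled.",
    "7045|System|A service was installed in the system. Service Name: Spooler Service File Name: C:\\Windows\\System32\\spoolsv.exe",
    "4698|Security|A scheduled task was created. Task Name: \\Microsoft\\Windows\\Backup Command: C:\\Windows\\System32\\sdclt.exe",
]

# Directories where a legitimate scheduled task rarely points but dropped binaries often live.
SUSPICIOUS_DIRS = ("c:\\users\\public", "c:\\programdata", "\\appdata\\local\\temp", "\\windows\\temp")


@dataclass
class Finding:
    event_id: str
    technique: str
    detail: str


def check_event(line: str) -> Optional[Finding]:
    """Return a Finding for one log line if it matches a Play-style TTP, else None."""
    event_id, _channel, message = line.split("|", 2)
    if event_id == "7045":  # System log: new service installed
        m = re.search(r"Service Name: (\S+)", message)
        name = m.group(1) if m else ""
        # PSEXESVC is PsExec's default service name; a renamed service (-r) would need
        # correlation with 4624 logons and ADMIN$ share access (5145) instead.
        if name.upper().startswith("PSEXESVC"):
            return Finding(event_id, "PsExec remote execution", f"service {name}")
    elif event_id == "4698":  # Security log: scheduled task created
        m = re.search(r"Command: (.+)$", message)
        cmd = m.group(1).lower() if m else ""
        if any(d in cmd for d in SUSPICIOUS_DIRS):
            return Finding(event_id, "Scheduled task persistence", cmd)
    elif event_id == "5001":  # Defender operational log: real-time protection disabled
        return Finding(event_id, "Defense evasion: real-time protection disabled", message)
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run every line through check_event and keep only the hits."""
    return [f for f in (check_event(l) for l in lines) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.event_id}] {f.technique}: {f.detail}")
```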