Ransomware Attack on Hyperice Inc. by PLAY Group Threatens Sensitive Data

Incident Date: Jul 11, 2024

Attack Overview
Victim: Hyperice Inc.
Industry: Consumer Services
Location: USA
Attacker: Play
First Reported: July 11, 2024

Ransomware Attack on Hyperice Inc. by PLAY Ransomware Group

Overview of Hyperice Inc.

Hyperice Inc., headquartered in Irvine, California, is a leading company in the Health & Fitness sector, specializing in performance recovery products and technology. Founded in 2011, Hyperice has built a reputation for its innovative devices aimed at muscle recovery, pain relief, and physical therapy. The company's flagship products include the Hypervolt, a percussion therapy device, and the Normatec line of pneumatic compression devices. Hyperice collaborates with professional athletes and sports leagues, including the NBA, NFL, and MLB, to refine and validate its offerings.

Details of the Ransomware Attack

Hyperice Inc. has fallen victim to a ransomware attack orchestrated by the PLAY ransomware group. The attackers have threatened to release a wide array of the company's sensitive data on July 16, 2024, unless their demands are met. The compromised data includes private and personal confidential information, client documents, budgets, payroll details, accounting records, contracts, tax information, IDs, and financial details. This breach poses a significant threat to the privacy and financial integrity of Hyperice Inc. and its clients.

About the PLAY Ransomware Group

The PLAY ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focused on Latin America, the group has expanded its operations to North America, South America, and Europe. PLAY ransomware uses various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz for privilege escalation and custom tools to enumerate users and computers on compromised networks.

Potential Vulnerabilities and Penetration Methods

Vulnerabilities at Hyperice Inc. that the PLAY ransomware group may have exploited include potential weaknesses in its RDP servers, VPN accounts, and Microsoft Exchange servers. The group is known for using scheduled tasks, PsExec, and Group Policy Objects to distribute ransomware executables within internal networks. Additionally, the use of tools to disable antimalware and monitoring solutions could have facilitated the attack.
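As an added example (not from the original article or from Halcyon), the following sketch shows how a defender could flag the distribution and defense-evasion techniques named above in exported Windows event data. The event records are constructed, and the field names (`host`, `id`, `time`, `name`), the thresholds, and the triage rule are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample events. IDs: 7045 = service installed (System log),
# 4698 = scheduled task created (Security), 5001 = Defender real-time protection disabled.
SAMPLE_EVENTS = [
    {"host": "WS01", "id": 7045, "time": 100, "name": "PSEXESVC"},
    {"host": "WS01", "id": 5001, "time": 130, "name": ""},
    {"host": "WS01", "id": 4698, "time": 160, "name": "\\upd"},
    {"host": "WS02", "id": 4698, "time": 165, "name": "\\upd"},
    {"host": "WS03", "id": 4698, "time": 170, "name": "\\upd"},
    {"host": "WS04", "id": 4698, "time": 9000, "name": "\\BackupJob"},
    {"host": "WS05", "id": 7045, "time": 200, "name": "PrintSpoolerHelper"},
]

def single_event_findings(events):
    """Flag events that indicate one technique on their own."""
    out = []
    for e in events:
        # Matches only the default PsExec service name (assumption of this sketch).
        if e["id"] == 7045 and e["name"].upper().startswith("PSEXE"):
            out.append((e["host"], "psexec-service-install"))
        elif e["id"] == 5001:
            out.append((e["host"], "defender-realtime-disabled"))
    return out

def mass_task_creation(events, min_hosts=3, window=300):
    """Flag a task name created on >= min_hosts hosts within `window` seconds."""
    by_name = defaultdict(list)
    for e in events:
        if e["id"] == 4698:
            by_name[e["name"]].append((e["time"], e["host"]))
    flagged = {}
    for name, hits in by_name.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            hosts = {h for t, h in hits[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged[name] = sorted(hosts)
                break
    return flagged

def hosts_to_triage(events):
    """Hosts where protection was disabled and at least one other technique was seen."""
    seen = defaultdict(set)
    for host, tech in single_event_findings(events):
        seen[host].add(tech)
    for hosts in mass_task_creation(events).values():
        for h in hosts:
            seen[h].add("mass-scheduled-task")
    return sorted(h for h, t in seen.items() if "defender-realtime-disabled" in t and len(t) > 1)
```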
