Ransomware Attack on Mid State Electric Highlights Cyber Threats
Ransomware Attack on Mid State Electric by Play Group
On October 19, Mid State Electric, a prominent industrial electrical contractor based in Sioux City, Iowa, fell victim to a ransomware attack orchestrated by the notorious Play ransomware group. This incident highlights the ongoing threat posed by cybercriminals targeting critical service providers, potentially disrupting essential services and compromising sensitive information.
About Mid State Electric
Mid State Electric, operating as Mid States Electric Co., Inc., has been serving the industrial electrical needs of the Midwest since 1991. The company is renowned for its reliability and expertise, catering to a diverse range of industries, including food processing, government projects, and energy sectors such as ethanol and oil. Its core services encompass industrial panels, control system upgrades, medium voltage installations, and material handling systems. The company's commitment to quality and efficiency, along with its "Right the First Time" approach, has helped build long-term relationships with clients.
Attack Overview
The ransomware attack on Mid State Electric was claimed by the Play group via their dark web leak site. The extent of the data breach remains undetermined, leaving the potential impact on their operations and client data uncertain. This attack underscores the vulnerabilities faced by companies in the construction and industrial sectors, which are often targeted due to their critical role in infrastructure and operations.
About the Play Ransomware Group
The Play ransomware group, also known as PlayCrypt, has been active since June 2022. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. They have targeted a diverse range of industries, including IT, transportation, construction, and government entities. The group is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange to gain initial access to networks. Their use of custom tools and techniques, such as Grixba, distinguishes them in the cybercriminal landscape.
Potential Vulnerabilities
Mid State Electric's extensive involvement in critical infrastructure projects makes it an attractive target for ransomware groups like Play. The company's reliance on complex control systems and medium voltage installations may present vulnerabilities that threat actors can exploit. Additionally, as a federal government contractor, the company must adhere to stringent regulatory requirements, which, if not adequately managed, could expose it to cyber threats.