Ransomware Attack on SMS Group by Play Ransomware: Key Details and Impact

Incident Date: Aug 21, 2024

Attack Overview
Victim: The SMS Group
Industry: Manufacturing
Location: USA
Attacker: Play
First Reported: August 21, 2024

Ransomware Attack on The SMS Group by Play Ransomware

The SMS Group, a prominent technology solutions provider specializing in data collection integration for the manufacturing sector, has fallen victim to a ransomware attack orchestrated by the Play ransomware group. The attack was first identified on August 21, and sensitive files were subsequently published on the dark web on August 26. The breach has garnered significant attention, with 487 views on the dark web post detailing the incident.

About The SMS Group

Established in 1988 in Sidney, Ohio, The SMS Group has grown from a local service provider to a global player in the technology solutions industry. The company is recognized for enhancing operational efficiency through innovative technology solutions. Their core services include data collection integration, custom software development, mobile app development, ERP integration, and various technical services. The SMS Group's commitment to innovation and customer success has made them a standout in the industry.

Attack Overview

The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack on The SMS Group. The attack was identified on August 21, and by August 26, sensitive files were leaked on the dark web. The exact method of penetration remains unclear, but Play ransomware is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange, as well as using valid accounts and custom tools to gain access to networks.

About Play Ransomware Group

Active since June 2022, the Play ransomware group has been responsible for numerous high-profile attacks across various industries, including IT, transportation, and government entities. The group distinguishes itself by not including an initial ransom demand or payment instructions in its ransom notes, instead directing victims to contact them via email. Play ransomware employs sophisticated methods such as exploiting RDP and VPN vulnerabilities, using tools like Mimikatz for privilege escalation, and disabling antimalware solutions to evade detection.

Potential Vulnerabilities

The SMS Group's extensive use of data collection and integration technologies, along with their reliance on custom software and ERP systems, may have made them an attractive target for the Play ransomware group. The company's global operations and the critical nature of their services in the manufacturing sector further increase the potential impact of such an attack. Strong cybersecurity measures and regular vulnerability assessments are crucial for companies like The SMS Group to protect against sophisticated threat actors.
