Smitty's Supply Hit by Play Ransomware Group: Key Details
Ransomware Attack on Smitty's Supply by Play Ransomware Group
Smitty's Supply, Inc., a leading manufacturer and distributor of lubricants and automotive products, has recently been targeted by the notorious Play ransomware group. This attack has caused significant operational disruptions, highlighting vulnerabilities within the company's cybersecurity infrastructure.
About Smitty's Supply
Founded in 1969, Smitty's Supply has grown from a small operation into a global leader in the lubricants industry. Headquartered in Roseland, Louisiana, the company operates multiple manufacturing facilities across the United States, including locations in Vicksburg, Mississippi, and Hammond, Indiana. With a workforce of approximately 189 employees, Smitty's Supply generates an annual revenue of around $68.5 million. The company is renowned for its extensive product portfolio, including the Super S brand, which accounts for a significant portion of its revenue. Smitty's Supply's vertical integration and advanced manufacturing capabilities set it apart in the industry.
Attack Overview
The Play ransomware group, active since June 2022, has claimed responsibility for the attack on Smitty's Supply. Known for targeting diverse industries, Play employs sophisticated encryption techniques to lock critical data and systems, demanding a ransom for decryption keys. The group likely exploited vulnerabilities in Smitty's cybersecurity infrastructure, potentially through compromised RDP servers or Microsoft Exchange vulnerabilities. This breach raises concerns about the security of sensitive data, including customer and financial information.
About Play Ransomware Group
Play ransomware, also known as PlayCrypt, has distinguished itself through its focus on high-profile targets across various regions, including North America and Europe. The group utilizes a range of attack methods, such as exploiting FortiOS and Microsoft Exchange vulnerabilities, to gain unauthorized access to networks. Play's approach includes using custom tools for network enumeration and data exfiltration, making it a formidable threat in the cybersecurity landscape.
Potential Vulnerabilities
Smitty's Supply's extensive operations and reliance on advanced technology for manufacturing and distribution may have contributed to its vulnerability. The company's ERP system, while enhancing operational efficiency, could have been a target for exploitation. The attack underscores the importance of effective cybersecurity measures to protect against sophisticated threat actors like the Play ransomware group.