True Family Enterprises Hit by Major Play Ransomware Attack

Incident Date: Sep 13, 2024

Attack Overview
Victim: True Family Enterprises
Industry: Real Estate
Location: USA
Attacker: Play
First Reported: September 13, 2024

True Family Enterprises Falls Victim to Play Ransomware Attack

True Family Enterprises, a multifaceted private investment firm based in Newport Beach, California, has recently been targeted by the Play ransomware group. The attack has compromised a significant amount of sensitive data, including private and personal confidential information, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data.

About True Family Enterprises

Founded in 2012 by Twila and Alan True, True Family Enterprises operates as a family office managing a diverse portfolio of over 50 companies across various sectors, including real estate, entertainment, consumer goods, and health care. The firm employs approximately 33 individuals and reported an annual revenue of $14.5 million. The core focus of the company lies in real estate investments through its subsidiary, TrueLane Homes, which specializes in acquiring, renovating, and managing single-family rental properties across multiple states in the U.S.

What Makes True Family Enterprises Stand Out

True Family Enterprises is known for its diverse investment portfolio and commitment to social impact initiatives. The firm has made significant strides in the entertainment sector through investments in Volume Ventures and the 1500 Sound Academy. Additionally, the company engages in the consumer goods sector through Twila True Fine Jewelry and Twila True Collaborations. The firm's philanthropic efforts include the True Children’s Home and the True Sioux Hope Foundation, which aim to support vulnerable communities and individuals.

Attack Overview

The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack on True Family Enterprises. The group has been active since June 2022 and has targeted a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The attackers have compromised a wide array of sensitive data, potentially jeopardizing the privacy and security of both the company and its clients.

About the Play Ransomware Group

The Play ransomware group distinguishes itself by using various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz for privilege escalation and uses custom tools to enumerate users and computers on compromised networks. Unlike typical ransomware groups, Play does not include an initial ransom demand or payment instructions in its ransom notes; victims are instead directed to contact the threat actors via email.

Potential Vulnerabilities

True Family Enterprises' diverse portfolio and extensive operations across multiple sectors may have made it an attractive target for the Play ransomware group. The firm's reliance on digital infrastructure for managing its investments and operations could have exposed vulnerabilities that the attackers exploited. The breach underscores the importance of stringent cybersecurity measures to protect sensitive data and maintain the integrity of business operations.
