Virginia Dare Extract Co. Hit by Play Ransomware Group

Incident Date: Sep 10, 2024

Attack Overview

Victim: Virginia Dare Extract Co.
Industry: Manufacturing
Location: USA
Attacker: Play
First Reported: September 10, 2024

Ransomware Attack on Virginia Dare Extract Co. by Play Ransomware Group

Virginia Dare Extract Co., a centennial leader in the flavor development and extraction industry, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This breach has resulted in the unauthorized access and potential exfiltration of a wide array of sensitive data, significantly impacting the company's operations and client relationships.

About Virginia Dare Extract Co.

Established in 1923, Virginia Dare Extract Co. is headquartered in Carteret, New Jersey, with additional facilities in Brooklyn, New York. The company employs between 133 and 354 people and generates annual revenues estimated between $33 million and $119.5 million. Virginia Dare specializes in creating and supplying a wide range of flavors and extracts for the food and beverage sector, positioning itself as a global leader in this field. The company operates under two main platforms, Taste Foundations™ and Taste Collaborations™, emphasizing sustainable sourcing, premium production, and innovative flavor solutions.

Attack Overview

The Play ransomware group has claimed responsibility for the attack on Virginia Dare via their dark web leak site. The breach has compromised private and personal confidential data, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data. The extent of the data breach underscores the severity of the attack, affecting both internal operations and external client relationships.

About the Play Ransomware Group

Active since June 2022, the Play ransomware group, also known as PlayCrypt, has targeted a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group employs various methods to gain entry into networks, such as exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. They use tools like Mimikatz for privilege escalation and custom tools for network enumeration and data exfiltration.

Penetration Methods

The Play ransomware group likely penetrated Virginia Dare's systems through weaknesses in its network infrastructure. The group is known for exploiting exposed RDP servers and VPN accounts, often using credentials that were reused or illicitly acquired. Once inside, the group uses scheduled tasks and PsExec to maintain persistence and distribute ransomware executables across the internal network, which makes the activity hard for the company to detect and mitigate promptly.
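The two lateral-movement techniques named above, PsExec and scheduled tasks, leave distinct traces in Windows logs: a service-installation event (System log, Event ID 7045) for the PSEXESVC service, and a task-creation event (Security log, Event ID 4698) whose action launches a binary from a network share or user-writable path. The detection logic below is an added example, not code from Halcyon or from the incident; the event records are constructed and use simplified field names rather than the exact XML schema a SIEM would export.

```python
import re

# Constructed sample events (not from the incident). A real pipeline would read
# these from Windows Event Forwarding or a SIEM; field names are simplified.
SAMPLE_EVENTS = [
    {"EventID": 7045, "Host": "FILESRV01", "ServiceName": "PSEXESVC",
     "ImagePath": "%SystemRoot%\\PSEXESVC.exe", "Account": "CORP\\svc-backup"},
    {"EventID": 7045, "Host": "WKS-022", "ServiceName": "Spooler",
     "ImagePath": "%SystemRoot%\\System32\\spoolsv.exe", "Account": "SYSTEM"},
    {"EventID": 4698, "Host": "WKS-022", "TaskName": "\\Microsoft\\Windows\\Updater",
     "Command": "cmd.exe /c start \\\\FILESRV01\\share$\\run.exe",
     "Account": "CORP\\svc-backup"},
    {"EventID": 4698, "Host": "DC01", "TaskName": "\\Backup\\Nightly",
     "Command": "C:\\Program Files\\BackupSuite\\backup.exe", "Account": "CORP\\admin.ops"},
    {"EventID": 4624, "Host": "VPN-GW", "LogonType": 10, "Account": "CORP\\svc-backup"},
]

# PsExec installs a service named PSEXESVC (renamed copies still tend to keep
# "psexe" in the image path, so match both fields).
PSEXEC_SERVICE = re.compile(r"psexe(c|svc)", re.IGNORECASE)
# Scheduled-task actions that run a binary from a UNC share or a writable directory.
SUSPICIOUS_TASK_CMD = re.compile(
    r"(\\\\[\w.-]+\\|\\Users\\|\\Temp\\|\\ProgramData\\)", re.IGNORECASE)


def detect(events):
    """Return (rule, host, account) tuples for PsExec and suspicious task events."""
    alerts = []
    for e in events:
        if e["EventID"] == 7045 and (PSEXEC_SERVICE.search(e.get("ServiceName", ""))
                                     or PSEXEC_SERVICE.search(e.get("ImagePath", ""))):
            alerts.append(("psexec_service_install", e["Host"], e["Account"]))
        elif e["EventID"] == 4698 and SUSPICIOUS_TASK_CMD.search(e.get("Command", "")):
            alerts.append(("suspicious_scheduled_task", e["Host"], e["Account"]))
    return alerts


def accounts_spanning_hosts(alerts, min_hosts=2):
    """Accounts whose alerts touch several hosts: the fan-out pattern of a
    single compromised credential being used to stage ransomware broadly."""
    hosts_by_account = {}
    for _, host, account in alerts:
        hosts_by_account.setdefault(account, set()).add(host)
    return sorted(a for a, h in hosts_by_account.items() if len(h) >= min_hosts)
```

Flagging the account that appears across hosts, rather than each event in isolation, is what separates a one-off admin using PsExec from credentials being used to stage an encryptor.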
