Wilmington Convention Center Hit by Play Ransomware Attack
Ransomware Attack on Wilmington Convention Center: A Detailed Analysis
The Wilmington Convention Center (WCC), a prominent venue in North Carolina, has recently been targeted by the Play ransomware group. This attack has compromised a significant amount of sensitive data, posing serious risks to the center's operations and the privacy of its clients.
Victim Profile: Wilmington Convention Center
Spanning 107,000 square feet, the Wilmington Convention Center is a key player in the hospitality sector, offering a unique blend of historical charm and modern amenities. As the only convention center on the North Carolina coast, it serves as a premier venue for meetings, conventions, and events. The center's LEED certification underscores its commitment to sustainability, while its strategic location near local attractions and the Wilmington International Airport enhances its appeal. Despite its advanced infrastructure, the center's reliance on digital systems for operations and client management may have made it vulnerable to cyber threats.
Attack Overview
The Play ransomware group has claimed responsibility for the attack, which involved unauthorized access to a wide array of sensitive data. Compromised information includes private and personal confidential data, client documents, and critical financial records such as budget details, payroll information, and accounting files. The breach also exposed contracts, tax documents, and identification records, highlighting the potential for extensive repercussions on both the organization's operational integrity and individual privacy.
About the Play Ransomware Group
Active since June 2022, the Play ransomware group, also known as PlayCrypt, has been involved in numerous high-profile attacks across various industries. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange, among others. The group distinguishes itself by not including an initial ransom demand in its notes, instead directing victims to contact them via email.
Potential Vulnerabilities and Penetration Methods
The Play ransomware group likely penetrated the Wilmington Convention Center's systems through known vulnerabilities in network protocols or software applications. The center's extensive use of digital systems for event management and client interactions may have provided multiple entry points for the attackers. The group's use of tools like Mimikatz for privilege escalation and custom tools for network enumeration further facilitated the breach.