Baskervill Design Firm Hit by Play Ransomware Group in Cyber Attack

Incident Date: September 18, 2024


Overview

Title: Baskervill Design Firm Hit by Play Ransomware Group in Cyber Attack
Victim: Baskervill
Attacker: Play
Location: Richmond, Virginia, USA
First Reported: September 18, 2024

Ransomware Attack on Baskervill by Play Ransomware Group

Baskervill, a multidisciplinary design firm based in Richmond, Virginia, has recently fallen victim to a ransomware attack carried out by the Play ransomware group. The attack, discovered on September 17, highlights the growing ransomware threat to critical sectors, including architecture and design.

About Baskervill

Baskervill is a renowned architectural firm with a legacy dating back to 1897. The company specializes in architecture, interior design, and MEP (Mechanical, Electrical, and Plumbing) engineering services. With approximately 100 professionals, Baskervill operates multiple offices and has an estimated annual revenue of $23.7 million. The firm is known for its collaborative approach to design, encapsulated in their motto: "Ask. Listen. Create." Their portfolio includes diverse projects such as The Shockoe Project, Beaches Negril, VIMS Chesapeake Bay Hall, and the VCU College of Engineering Research Building.

Attack Overview

The Play ransomware group claimed responsibility for the attack on Baskervill via its dark web leak site. The volume of data taken has not been disclosed, but the incident underscores that even long-established firms remain exposed. Baskervill's emphasis on collaboration and extensive client engagement may have widened its attack surface, since such practices typically involve broad data sharing and many external communication channels that threat actors can abuse.

About Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022. Initially focused on Latin America, the group has since expanded its operations to North America, South America, and Europe. It has targeted a wide range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. Play is notable for gaining initial access through several routes, such as exposed RDP servers and vulnerabilities in FortiOS and Microsoft Exchange. Once inside, the group uses tools such as Mimikatz for privilege escalation and custom tooling for network enumeration and data theft.

Penetration Methods

Play ransomware likely gained access to Baskervill's systems through a combination of known vulnerabilities and valid accounts; the precise initial access vector in this incident has not been confirmed. The group is known to use scheduled tasks and PsExec for execution and persistence, along with tools that disable antimalware and monitoring solutions. The attack on Baskervill is a stark reminder of the importance of stringent cybersecurity measures, particularly for firms that handle sensitive client data and rely on extensive collaborative processes.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors’ lucrative success so far, ransomware has become the most ubiquitous, and the most financially and informationally damaging, cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.