Bel-Air Bay Club Hit by Play Ransomware Group in Major Data Breach

Incident Date: September 10, 2024

Overview

Victim: Bel-Air Bay Club

Attacker: Play

Location: Pacific Palisades, California, USA

First Reported: September 10, 2024

Ransomware Attack on Bel-Air Bay Club by Play Ransomware Group

The Bel-Air Bay Club, a prestigious venue located in Pacific Palisades, California, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This breach has resulted in the unauthorized access and potential exfiltration of a wide array of sensitive data, posing significant risks to both the club and its clients.

About Bel-Air Bay Club

Established in 1927, Bel-Air Bay Club, Ltd. operates as a private membership organization and event venue. The club is divided into two main areas: the Upper Club and the Lower Club. The Upper Club is renowned for its picturesque setting and versatile event spaces, while the Lower Club offers a private beach experience. The club has approximately 95 to 134 employees and generates annual revenue of around $9.8 million. Its long history and exclusive services make it a standout in the hospitality sector.

Attack Overview

The Play ransomware group has claimed responsibility for the attack on Bel-Air Bay Club via its dark web leak site. The breach has compromised a wide range of sensitive data, including private and personal confidential information, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data. The scope of the data affected underscores the severity of the breach.

About Play Ransomware Group

Active since June 2022, the Play ransomware group, also known as PlayCrypt, has been responsible for numerous high-profile attacks. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. They target a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group is known for using various methods to gain entry into networks, such as exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities.

Penetration Methods

Play ransomware employs a variety of techniques to penetrate systems. They use scheduled tasks and PsExec for execution, and tools like Mimikatz for privilege escalation. The group also employs custom tools to enumerate users and computers on compromised networks and copy files from the Volume Shadow Copy Service. Their ability to disable antimalware and monitoring solutions further distinguishes them in the cyber threat landscape.

Vulnerabilities and Impact

The Bel-Air Bay Club's extensive use of digital systems for managing client data, financial records, and event planning made it a lucrative target for the Play ransomware group. The breach has not only compromised sensitive data but also threatens the club's reputation and operational integrity. The attack highlights the growing risks faced by organizations in the hospitality sector, emphasizing the need for enhanced cybersecurity measures.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.