Credible Group Hit by Major Ransomware Attack from Play Group
Incident Date:
August 9, 2024
Overview
Title
Credible Group Hit by Major Ransomware Attack from Play Group
Victim
Credible Group
Attacker
Play
Location
First Reported
August 9, 2024
Ransomware Attack on Credible Group by Play Ransomware
On August 12, 2024, Credible Group, a renowned Canadian furniture design and manufacturing company, became the latest victim of a ransomware attack orchestrated by the Play ransomware group. This incident has compromised a significant amount of sensitive information, including private and personal confidential data, client documents, budget details, payroll records, accounting information, contracts, tax documents, identification details, and financial information.
About Credible Group
Founded in 1996 by Anthony Marcucci, Credible Group has grown from a small garage operation to a recognized leader in the furniture industry. The company employs over 300 skilled designers and artisans at its 100,000 square foot facility in Canada. Credible Group is known for its commitment to craftsmanship and quality, producing durable and aesthetically appealing furniture pieces. Their clientele includes prestigious organizations such as the United Nations and luxury hotels on the Las Vegas Strip.
Attack Overview
The ransomware attack on Credible Group was discovered on August 12, 2024. The Play ransomware group, also known as PlayCrypt, claimed responsibility for the attack via their dark web leak site. The breach compromised a wide array of sensitive information, although the exact size of the data leak remains unknown. The attack has raised significant concerns about the security measures in place at Credible Group, given the extensive nature of the compromised data.
About Play Ransomware Group
The Play ransomware group has been active since June 2022 and has targeted a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange, among others. They use tools like Mimikatz for privilege escalation and employ custom tools to enumerate users and computers on compromised networks.
Penetration Methods
Play ransomware typically gains initial access through exploiting vulnerabilities in RDP servers and Microsoft Exchange, as well as using valid accounts, including VPN accounts. They execute their code using scheduled tasks and PsExec, and maintain persistence through similar methods. The group is adept at evading defenses by disabling antimalware and monitoring solutions using tools like Process Hacker and GMER.
Impact on Credible Group
The attack on Credible Group has not only compromised sensitive data but also highlighted potential vulnerabilities in the company's cybersecurity measures. Given the company's prominence in the furniture industry and its extensive client base, the breach could have far-reaching implications. The incident underscores the importance of vigilant cybersecurity practices, especially for companies handling sensitive and confidential information.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.