Elgin Separation Solutions Hit by Play Ransomware Group Attack

Incident Date:

September 10, 2024


Overview

Title

Elgin Separation Solutions Hit by Play Ransomware Group Attack

Victim

Elgin Separation Solutions

Attacker

Play

Location

Raleigh, USA

Illinois, USA

First Reported

September 10, 2024

Elgin Separation Solutions Targeted by Play Ransomware Group

Elgin Separation Solutions, a manufacturer in the liquid/solids separation and waste management sector, has been named as a victim by the Play ransomware group. According to the group's claim, the attackers gained unauthorized access to the company's systems and may have exfiltrated sensitive data, which poses a risk both to the company and to the clients whose documents it holds.

About Elgin Separation Solutions

Founded in 1864 in Elgin, Illinois, Elgin Separation Solutions is a leading provider of specialized equipment for industries such as oil and gas, mining, and waste management. The company offers a comprehensive range of products, including vertical and horizontal centrifuges, decanter centrifuges, mobile packaged treatment systems, vibrating screens, and cuttings dryers. Elgin's solutions are designed to enhance material handling and processing efficiency, making them a trusted resource in their field.

Elgin Separation Solutions was acquired by TerraSource Global in January 2023, a move intended to broaden the combined group's capabilities and market reach. Despite its long history and established product line, the company has now become a target for cybercriminals.

Details of the Ransomware Attack

The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack on Elgin Separation Solutions. According to the group's listing, the data taken includes private and personal confidential data, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data. If the claim is accurate, the breadth of that data set is what makes the incident serious: it spans employee, customer, and corporate financial records rather than a single system.

About the Play Ransomware Group

Active since June 2022, the Play ransomware group has targeted a wide range of sectors, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group's documented initial access methods include abuse of exposed RDP services and of valid accounts, and exploitation of known FortiOS and Microsoft Exchange vulnerabilities. Once inside, the actors use Mimikatz to dump credentials from memory, which supports privilege escalation and lateral movement, and run custom tooling to enumerate users and computers on the compromised network.

Play ransomware is notable for its very short ransom notes, which typically contain little more than an email address for the victim to contact the threat actors. The group has claimed over 300 victims globally, making it one of the more prolific ransomware operations currently active.

Potential Vulnerabilities

Nothing in the public claim identifies how the attackers got in. Manufacturing companies such as Elgin Separation Solutions are frequently exposed through a small number of recurring weaknesses: unpatched internet-facing software (the FortiOS and Exchange flaws Play has used elsewhere are examples of this class), flat networks with little segmentation between office and production systems, and remote access services such as RDP or VPN that lack multi-factor authentication and lockout controls. Any of these would be consistent with Play's known tradecraft, but which, if any, applied here is not established.
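The two Play behaviours described above that leave the clearest host-side trail are RDP password guessing against exposed remote access and credential dumping from LSASS with Mimikatz. The following detection logic is an added example written for this page, not code from the tracker or from any incident response on this case. It runs over constructed Windows Security (4625/4624) and Sysmon (event 10) log lines embedded in the script; the flattened key=value line format, the thresholds, and the LSASS access allowlist are assumptions and would need tuning for a real environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not telemetry from the incident). They are
# simplified key=value renderings of Windows Security event 4625/4624
# (failed/successful logon; LogonType 10 = RemoteInteractive, i.e. RDP) and
# Sysmon event 10 (ProcessAccess). The flattened format is an assumption made
# for this example; field names follow the Windows and Sysmon schemas.
SAMPLE_LOGS = r"""2024-09-01T02:00:01Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7
2024-09-01T02:00:03Z EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.7
2024-09-01T02:00:05Z EventID=4625 LogonType=10 TargetUserName=backup IpAddress=203.0.113.7
2024-09-01T02:00:07Z EventID=4625 LogonType=10 TargetUserName=svc_sql IpAddress=203.0.113.7
2024-09-01T02:00:09Z EventID=4625 LogonType=10 TargetUserName=jdoe IpAddress=203.0.113.7
2024-09-01T02:00:11Z EventID=4625 LogonType=10 TargetUserName=jdoe IpAddress=203.0.113.7
2024-09-01T02:05:00Z EventID=4625 LogonType=2 TargetUserName=jsmith IpAddress=192.168.1.20
2024-09-01T02:30:00Z EventID=4624 LogonType=10 TargetUserName=jdoe IpAddress=203.0.113.7
2024-09-01T02:31:12Z EventID=10 SourceImage=C:\Users\jdoe\Downloads\m.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1010
2024-09-01T02:31:13Z EventID=10 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1000
2024-09-01T02:32:00Z EventID=10 SourceImage=C:\Program Files\EDR\sensor.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1fffff
"""

# key=value pairs; values may contain spaces (Windows paths), so a value runs
# until the next " key=" token or end of line.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# PROCESS_VM_READ: the access right Mimikatz-style tools need to read LSASS memory.
PROCESS_VM_READ = 0x0010

# Assumed allowlist of images that legitimately open LSASS (lower-cased paths).
# In practice this is tuned per environment from a baseline, not hard-coded.
LSASS_ALLOWLIST = {
    r"c:\windows\system32\svchost.exe",
    r"c:\program files\edr\sensor.exe",
}


def parse_events(text):
    """Parse each non-empty line into a dict of fields plus a 'ts' datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_str, _, rest = line.partition(" ")
        ev = dict(KV_RE.findall(rest))
        ev["ts"] = datetime.fromisoformat(ts_str.replace("Z", "+00:00"))
        events.append(ev)
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag a source IP with >= threshold failed RDP logons inside `window`,
    and record whether the same IP later achieved a successful RDP logon."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ev in events:
        if ev.get("LogonType") != "10":
            continue
        if ev.get("EventID") == "4625":
            failures[ev["IpAddress"]].append(ev["ts"])
        elif ev.get("EventID") == "4624":
            successes[ev["IpAddress"]].append(ev["ts"])
    findings = []
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted failures
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                last_fail = times[-1]
                findings.append({
                    "ip": ip,
                    "failures": len(times),
                    "first": times[start],
                    "later_success": any(t > last_fail for t in successes.get(ip, [])),
                })
                break                           # one finding per IP
    return findings


def detect_lsass_access(events, allowlist=LSASS_ALLOWLIST):
    """Flag non-allowlisted processes that open lsass.exe with VM_READ access."""
    findings = []
    for ev in events:
        if ev.get("EventID") != "10":
            continue
        if not ev.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
            continue
        source = ev.get("SourceImage", "")
        access = int(ev.get("GrantedAccess", "0"), 16)
        if access & PROCESS_VM_READ and source.lower() not in allowlist:
            findings.append({"source": source, "granted_access": hex(access), "ts": ev["ts"]})
    return findings


def run_detections(text):
    events = parse_events(text)
    return {"rdp_bruteforce": detect_rdp_bruteforce(events),
            "lsass_access": detect_lsass_access(events)}


if __name__ == "__main__":
    for name, hits in run_detections(SAMPLE_LOGS).items():
        print(name, hits)
```

On the sample data the first rule fires once for 203.0.113.7 (six RDP failures in ten seconds, followed by a successful logon from the same address, which is the pattern that should be escalated rather than merely logged), and the second fires only for the unknown binary in a user's Downloads folder: the svchost.exe access is ignored because 0x1000 does not include VM_READ, and the EDR sensor is allowlisted despite its broad access mask. The allowlist is the weak point of the LSASS rule; an attacker who renames a dumper to a trusted path defeats it, so in production it should key on signer or hash rather than path alone.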
