Erie Meats Hit by Play Ransomware: Data Compromised in Major Cyberattack

Incident Date:

August 13, 2024

World map

Overview

Title

Erie Meats Hit by Play Ransomware: Data Compromised in Major Cyberattack

Victim

Erie Meats

Attacker

Play

Location

Mississauga, Canada

, Canada

First Reported

August 13, 2024

Ransomware Attack on Erie Meats by Play Ransomware Group

Erie Meats, a prominent Canadian company specializing in meat processing and food production, has recently fallen victim to a ransomware attack orchestrated by the notorious Play ransomware group. The company, headquartered in Mississauga, Ontario, operates additional facilities in Listowel and employs around 327 people. With over 750,000 square feet of production and distribution space, Erie Meats generates approximately $200 million in annual revenue.

Company Overview

Founded in 1977, Erie Meats has grown from a small processing plant in Toronto to one of Canada's largest meat processors. The company produces a wide range of meat products, including chicken, pork, turkey, and beef, catering to both retail and foodservice sectors. Their product offerings include hotdogs, sausages, deli meats, ribs, burgers, and various prepared items such as battered and breaded chicken and sous vide products. Erie Meats is known for its commitment to quality, utilizing state-of-the-art technology and high-quality raw materials in its production processes.

Attack Overview

The ransomware attack on Erie Meats has compromised private and personal confidential data, including client documents, identification information, and other sensitive details. The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack via their dark web leak site. The group has been active since June 2022 and has targeted a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure.

About Play Ransomware Group

Play ransomware group distinguishes itself by employing various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. They use tools like Mimikatz for privilege escalation and custom tools to enumerate users and computers on compromised networks. The group is known for its minimalistic ransom notes, directing victims to contact them via email without an initial ransom demand.

Potential Vulnerabilities

Erie Meats' extensive production and distribution network, coupled with its reliance on state-of-the-art technology, may have presented vulnerabilities that the Play ransomware group exploited. The group's ability to disable antimalware and monitoring solutions, along with their use of tools like Process Hacker and GMER, could have facilitated the penetration of Erie Meats' systems.

Impact and Implications

The attack on Erie Meats underscores the growing threat of ransomware to critical industries, including food production. The compromise of sensitive data not only affects the company's operations but also poses significant risks to its clients and partners. As ransomware groups like Play continue to evolve their tactics, it is crucial for companies to bolster their cybersecurity measures to mitigate such risks.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.