Evans Distribution Systems Hit by Play Ransomware Exposing Data

Incident Date: September 10, 2024


Overview

Title: Evans Distribution Systems Hit by Play Ransomware Exposing Data
Victim: Evans Distribution Systems
Attacker: Play
Location: Melvindale, Michigan, USA
First Reported: September 10, 2024

Ransomware Attack on Evans Distribution Systems by Play Ransomware Group

Evans Distribution Systems, a prominent third-party logistics (3PL) provider based in Melvindale, Michigan, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This breach has compromised a wide array of sensitive information, including private and confidential personal data, client documents, budgetary details, payroll records, accounting files, contracts, tax information, identification documents, and financial data.

About Evans Distribution Systems

Established in 1929, Evans Distribution Systems has been family-owned and operated for four generations. The company specializes in warehousing, fulfillment, transportation, staffing, and value-added packaging services. Operating nine warehouse facilities that collectively span nearly 3.5 million square feet, Evans employs between 501 and 1,000 people. The company has been recognized as a "Top 100 3PL" for 22 consecutive years, highlighting its reputation in the logistics industry.

Attack Overview

The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack on Evans Distribution Systems. The breach has led to the exposure of sensitive data, which could have severe implications for the company's operations and its clients. The attack was announced on the group's dark web leak site, where they often post information about their victims.

About Play Ransomware Group

Active since June 2022, the Play ransomware group initially focused on Latin America but has since expanded its operations to North America, South America, and Europe. The group targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. Play ransomware is known for using various methods to gain entry into networks, such as exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities.

Penetration Methods

Play ransomware employs sophisticated techniques to penetrate systems and spread within them. Once inside a network, the group uses scheduled tasks, PsExec, and Group Policy Objects (GPOs) to distribute ransomware executables across the internal network. It also uses tools such as Mimikatz to harvest high-privilege credentials and escalate privileges. To evade detection, it disables antimalware and monitoring solutions using tools such as Process Hacker and GMER.
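Each of the behaviours named above leaves a footprint in standard Windows telemetry, which is where a defender would look for this tradecraft. The following is an added detection sketch written for this page; it is not code from the original report or from any vendor product. It evaluates parsed Windows events (service installation 7045, scheduled task creation 4698, directory object modification 5136, process creation 4688, and Sysmon ProcessAccess event 10) against the tools and techniques the report names. The event dictionaries, their field names, the sample host and user names, and the heuristic "suspicious task directories" list are all assumptions constructed for the example, not telemetry from the incident.

```python
"""Detection sketch for the post-compromise tradecraft listed above (PsExec, scheduled
tasks, GPO changes, Mimikatz/LSASS access, AV tampering). Added example for this
page, not code from the original report or from any vendor. The events are
constructed dicts that mimic what a SIEM holds after parsing Windows logs; the
field names are this example's assumptions, not a particular product's schema.
"""
from dataclasses import dataclass
from typing import Iterable, Optional

# Windows event IDs used below: 7045 service installed (System), 4698 scheduled task
# created (Security), 4688 process creation (Security), 5136 directory object modified
# (Security), 10 Sysmon ProcessAccess. The tool file names are assumptions chosen to
# match the report's named tools; attackers rename binaries, so treat these as a
# starting point for a detection rule, not a complete signature set.
PSEXEC_SERVICE_NAMES = {"psexesvc"}
CREDENTIAL_TOOLS = {"mimikatz.exe"}
AV_TAMPER_TOOLS = {"processhacker.exe", "gmer.exe"}
# Heuristic (assumption): task actions launched from user-writable or remote paths.
SUSPICIOUS_TASK_DIRS = ("c:\\users\\", "c:\\windows\\temp\\", "\\\\")
PROCESS_VM_READ = 0x0010  # access right that allows reading LSASS memory


@dataclass
class Alert:
    technique: str
    host: str
    detail: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate_event(ev: dict) -> Optional[Alert]:
    """Return an Alert if a single parsed event matches one of the tracked behaviours."""
    eid = ev.get("event_id")
    host = ev.get("host", "?")
    user = ev.get("subject_user", "?")

    if eid == 7045 and ev.get("service_name", "").lower() in PSEXEC_SERVICE_NAMES:
        return Alert("lateral-movement/psexec", host,
                     f"service {ev['service_name']} installed from {ev.get('image_path')}")

    if eid == 4698:
        action = ev.get("task_action", "").lower()
        if action.startswith(SUSPICIOUS_TASK_DIRS):
            return Alert("execution/scheduled-task", host,
                         f"task {ev.get('task_name')} by {user} runs {action}")

    if eid == 5136 and ev.get("object_class") == "groupPolicyContainer":
        return Alert("lateral-movement/gpo-modified", host,
                     f"GPO {ev.get('object_dn')} modified by {user}")

    if eid == 4688:
        image = _basename(ev.get("image", ""))
        if image in CREDENTIAL_TOOLS:
            return Alert("credential-access/mimikatz", host, f"{image} started by {user}")
        if image in AV_TAMPER_TOOLS:
            return Alert("defense-evasion/av-tampering", host, f"{image} started by {user}")

    if eid == 10 and _basename(ev.get("target_image", "")) == "lsass.exe":
        if ev.get("granted_access", 0) & PROCESS_VM_READ:
            return Alert("credential-access/lsass-read", host,
                         f"{_basename(ev.get('source_image', ''))} read LSASS memory")

    return None


def scan(events: Iterable[dict]) -> list:
    """Run every event through evaluate_event and keep the hits, in input order."""
    return [a for a in (evaluate_event(e) for e in events) if a is not None]


# Constructed sample events (not real telemetry from the incident).
SAMPLE_EVENTS = [
    {"event_id": 7045, "host": "WH-FS01", "service_name": "PSEXESVC",
     "image_path": "C:\\Windows\\PSEXESVC.exe"},
    {"event_id": 4698, "host": "WH-FS01", "subject_user": "CORP\\svc_backup",
     "task_name": "\\Updater", "task_action": "C:\\Users\\Public\\run.exe"},
    {"event_id": 4698, "host": "WH-FS01", "subject_user": "SYSTEM",
     "task_name": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
     "task_action": "C:\\Windows\\System32\\defrag.exe"},  # benign, must not alert
    {"event_id": 5136, "host": "DC01", "subject_user": "CORP\\jdoe",
     "object_class": "groupPolicyContainer",
     "object_dn": "CN={PLACEHOLDER-GUID},CN=Policies,CN=System,DC=corp,DC=example"},
    {"event_id": 4688, "host": "WH-FS01", "subject_user": "CORP\\jdoe",
     "image": "C:\\Temp\\mimikatz.exe"},
    {"event_id": 10, "host": "WH-FS01", "source_image": "C:\\Temp\\x.exe",
     "target_image": "C:\\Windows\\System32\\lsass.exe", "granted_access": 0x1010},
    {"event_id": 4688, "host": "WH-FS01", "subject_user": "CORP\\jdoe",
     "image": "C:\\Tools\\ProcessHacker.exe"},
    {"event_id": 4688, "host": "WH-FS01", "subject_user": "CORP\\jdoe",
     "image": "C:\\Windows\\System32\\notepad.exe"},  # benign, must not alert
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert.technique}] {alert.host}: {alert.detail}")
```

Run against the constructed sample, the scan raises six alerts and stays silent on the two benign events. The scheduled-task check is deliberately narrowed to actions launched from user-writable or UNC paths so that routine system tasks do not drown the signal; in a real deployment the same narrowing would be applied to 7045 (service binaries outside System32) and the tool-name sets would be replaced or supplemented by hash and behavioural matches, since the file names used here are trivially changed.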

Impact on Evans Distribution Systems

The ransomware attack on Evans Distribution Systems has exposed critical data, potentially affecting its operations and client trust. Given the company's extensive capabilities and diverse service offerings across various industries, the breach could have far-reaching consequences. The attack underscores the vulnerabilities that even well-established companies face in the evolving landscape of cyber threats.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.