Farmers' Rice Cooperative Hit by Play Ransomware Attack
Incident Date: September 4, 2024
Overview
Title: Farmers' Rice Cooperative Hit by Play Ransomware Attack
Victim: Farmers' Rice Cooperative
Attacker: Play
Location
First Reported: September 4, 2024
Farmers' Rice Cooperative Targeted by Play Ransomware Group
Farmers' Rice Cooperative (FRC), a prominent grower-owned rice marketing cooperative based in Sacramento, California, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This breach has compromised a wide array of sensitive data, posing significant risks to the cooperative's operations and the privacy of its stakeholders.
About Farmers' Rice Cooperative
Established in 1944, Farmers' Rice Cooperative is a key player in the rice industry, serving as a crucial link between rice growers and food manufacturers both domestically and internationally. The cooperative operates rice milling and processing facilities located adjacent to the Port of Sacramento, enhancing its logistical capabilities for rice distribution. FRC employs approximately 264 individuals and generates an annual revenue of around $204 million. The cooperative is known for its high-quality California rice and its vertically integrated operations, which manage the entire rice production process from cultivation to distribution.
Attack Overview
The Play ransomware group has claimed responsibility for the attack on FRC via its dark web leak site. The breach has led to the exposure of sensitive data, including private and personal confidential information, client documents, budget details, payroll records, contracts, tax information, identification documents, and financial data. This attack not only disrupts FRC's operations but also threatens the privacy and security of its members and clients.
About Play Ransomware Group
The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware distinguishes itself by using various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz for privilege escalation and uses custom tools to enumerate users and computers on compromised networks.
Potential Vulnerabilities
FRC's extensive use of technology to streamline operations, such as automating coding and labeling processes, may have inadvertently exposed vulnerabilities that the Play ransomware group exploited. The cooperative's reliance on interconnected systems for managing the entire rice production process could have provided multiple entry points for the attackers. Additionally, the cooperative's significant data handling, including financial and personal information, makes it an attractive target for ransomware groups seeking to maximize their impact.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.