Garvey Flooring America Faces Data Breach by Play Ransomware

Incident Date: September 29, 2024


Overview

Title: Garvey Flooring America Faces Data Breach by Play Ransomware
Victim: Garvey Flooring America
Attacker: Play
Location: Bloomsburg, USA; Pennsylvania, USA
First Reported: September 29, 2024

Ransomware Attack on Garvey Flooring America by Play Ransomware Group

Garvey Flooring America, a well-established flooring retailer and installer in Pennsylvania, has recently been targeted by the Play ransomware group. This attack has resulted in the unauthorized access and potential exfiltration of sensitive data, posing significant risks to the company's operations and the privacy of its clients and employees.

Company Profile and Industry Standing

Garvey Flooring America, also known as Garvey's Carpet, has been serving the Susquehanna Valley region since 1989. The company operates multiple locations, including Bloomsburg and Northumberland, and offers a wide range of flooring solutions such as carpet, hardwood, laminate, tile, and luxury vinyl tile. Known for its commitment to customer satisfaction and quality service, Garvey's has built a strong reputation in the local community. The company emphasizes expert installation services and personalized customer care, distinguishing itself from larger chains.

Vulnerabilities and Attack Overview

The Play ransomware group, active since June 2022, has claimed responsibility for the attack on Garvey Flooring America. The breach has compromised a variety of sensitive data, including client documents, payroll records, and financial information. The attack highlights vulnerabilities in the company's cybersecurity infrastructure, which may have been exploited through RDP servers, FortiOS vulnerabilities, or Microsoft Exchange vulnerabilities. The Play group is known for its sophisticated attack methods, including the use of custom tools and network scanners to infiltrate and maintain persistence within targeted systems.

Play Ransomware Group's Tactics

The Play ransomware group has distinguished itself by targeting a diverse range of industries and employing advanced techniques to evade detection. The group uses tools like Mimikatz for privilege escalation and employs defense evasion strategies to disable antimalware solutions. Unlike typical ransomware groups, Play does not include an initial ransom demand in its notes, instead directing victims to contact them via email. This approach, combined with their dark web presence, allows them to exert pressure on victims while maintaining anonymity.
