GDB International Hit by Play Ransomware: Data Compromised

Incident Date:

August 29, 2024

Overview

Victim

GDB International

Attacker

Play

Location

Paris, France

First Reported

August 29, 2024

Ransomware Attack on GDB International by Play Ransomware Group

GDB International, a leading provider of recycling and sustainability solutions, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This incident has compromised a significant amount of sensitive information, posing severe risks to the company's operations and its clients' privacy.

About GDB International

Founded in 1993 and headquartered in New Brunswick, New Jersey, GDB International specializes in recycling various commodities, including plastics, metals, paper, and paints. The company is particularly noted for its expertise in recycling post-consumer plastics and is the largest producer of recycled latex paints globally. With a workforce of approximately 91 to 105 employees, GDB International operates over 2.2 million square feet of distribution and processing space across multiple continents, including North America, Europe, and Asia.

Attack Overview

The Play ransomware group has claimed responsibility for the attack on GDB International via their dark web leak site. The attackers have compromised a wide array of sensitive information, including private and personal confidential data, client documents, budget details, payroll records, accounting information, contracts, tax documents, IDs, and financial data. This breach poses significant risks to the company's operations and its clients' privacy, potentially leading to severe financial and reputational damage.

About Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure.

Attack Methods

Play ransomware employs various methods to gain entry into a network, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group uses tools like Mimikatz for privilege escalation and employs custom tools to enumerate users and computers on a compromised network. They also use tools to disable antimalware and monitoring solutions, making their attacks particularly challenging to detect and mitigate.

Potential Vulnerabilities

GDB International's extensive global operations and the sensitive nature of the data they handle make them a prime target for ransomware attacks. The company's reliance on digital systems for managing its recycling and sustainability solutions could have provided multiple entry points for the attackers. The breach underscores the importance of comprehensive cybersecurity measures, especially for companies handling large volumes of sensitive data.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.