Granit Design Inc. Hit by Play Ransomware: Security Concerns Rise

Incident Date:

August 6, 2024

Overview

Victim

Granit Design Inc

Attacker

Play

Location

Stanstead, Canada

First Reported

August 6, 2024

Ransomware Attack on Granit Design Inc. by Play Ransomware Group

On August 7, Granit Design Inc., a leading North American fabricator specializing in natural stones, quartz, and ultra-compact surfaces, fell victim to a ransomware attack orchestrated by the notorious Play ransomware group. The attack has raised significant concerns about the security measures in place at the company and the broader implications for the construction sector.

About Granit Design Inc.

Granit Design Inc. is a prominent player in the stone fabrication industry, known for its innovative designs and high-quality materials. Established in 1990, the Canadian company employs over 300 individuals and generates annual revenues exceeding CAD 50 million. The company’s unique selling proposition lies in its proprietary PerfectF.I.T.™ process, which ensures a high-quality countertop installation within 24 hours after cabinet installation. This efficiency, combined with a diverse range of materials and specialized treatments like GDGuard™, sets Granit Design apart in the market.

Details of the Attack

The ransomware attack was discovered on August 7, when Granit Design identified unauthorized access to its systems. The Play ransomware group, active since June 2022, claimed responsibility for the attack via their dark web leak site. The extent of the data leak remains unknown, but the incident has undoubtedly disrupted the company’s operations and raised concerns about data security.

About Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been responsible for numerous high-profile attacks since its emergence. Initially targeting Latin America, the group has expanded its reach to North America, South America, and Europe. Play ransomware is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange, among others. The group uses sophisticated methods to gain initial access, execute code, and maintain persistence on compromised systems.

Potential Vulnerabilities

Granit Design’s reliance on digital systems for its proprietary processes and customer interactions may have made it an attractive target for the Play ransomware group. The company’s extensive network of designers, architects, and clients likely involves significant data exchange, which could be exploited by threat actors. Additionally, the use of online systems for lot reservations and layout approvals may have presented vulnerabilities that the attackers leveraged.

Penetration Methods

The Play ransomware group is known for using various methods to penetrate systems, including exploiting RDP and VPN vulnerabilities, as well as Microsoft Exchange flaws. Once inside, the group employs tools like Mimikatz for privilege escalation and custom tools to enumerate users and computers. The group’s ability to disable antimalware solutions and use scheduled tasks for persistence further complicates detection and mitigation efforts.
