High Performance Services Targeted in Play Ransomware Attack
Incident Date:
May 7, 2024
Overview
Title
High Performance Services Targeted in Play Ransomware Attack
Victim
High Performance Services
Attacker
Play
Location
First Reported
May 7, 2024
Ransomware Attack on High Performance Services
Victim Profile
High Performance Services, LLC is a full-service wireless telecommunication project management and site acquisition firm based in Lafayette, Louisiana. Founded in 2013, the company operates in the Southeast United States and Puerto Rico, offering services such as project management, site candidate identification, leasing, and zoning and permitting. With an estimated revenue of $10.6 million and 11-50 employees, High Performance Services stands out in the industry for its expertise in wireless infrastructure projects.
Ransomware Attack Details
The ransomware group known as "Play" targeted High Performance Services' website, resulting in the compromise of sensitive information including client documents, budgets, payroll, accounting records, contracts, tax information, IDs, and financial data. The specific details of the ransom demand, exfiltrated data amount, and attack technique have not been disclosed.
Ransomware Group Profile
The Play ransomware group, operated by Ransom House, is known for targeting Linux systems and has evolved from data theft to deploying cryptographic lockers. The group utilizes encryption methods similar to Baseline Babuk and provides explicit instructions to victims through a detailed ransom note. Play ransomware actors have been observed submitting binaries containing hack tools and utilities after gaining initial access, showcasing a sophisticated approach to ransomware attacks.
Company Vulnerabilities
High Performance Services' focus on wireless telecommunication projects and the sensitive nature of the data they handle make them an attractive target for threat actors. The company's involvement in site acquisition, project management, and leasing activities may expose them to vulnerabilities in their systems, potentially allowing ransomware groups like Play to exploit weaknesses and compromise their data.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.