Ransomware Attack on Inktel Contact Center Solutions by Play Ransomware Group

Inktel Contact Center Solutions, a prominent business process outsourcer (BPO) headquartered in Miami, Florida, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This breach has resulted in the unauthorized access and potential exfiltration of a wide array of sensitive data, posing significant risks to both the company and its clients.

About Inktel Contact Center Solutions

Founded in 1997, Inktel Contact Center Solutions specializes in providing comprehensive customer support services. The company serves a diverse clientele, including Fortune 500 companies, government agencies, and non-profit organizations. Inktel's service offerings extend beyond traditional call center operations to include fulfillment services, direct mail, e-commerce solutions, data management, social media management, and graphic design. The company employs approximately 953 individuals and generates an annual revenue of around $102.5 million.

Inktel distinguishes itself through its high-touch engagement approach, which emphasizes personalized customer service. The company utilizes advanced technology and proven methodologies to ensure world-class service. Notable clients include Louis Vuitton, Sephora, Goodyear Tire, and Kellogg's. Inktel's commitment to employee satisfaction has earned it accolades such as the "Best Company to Work For" in Florida in 2009 and a Silver Award at the 2018 Stevie Awards for "Employer of the Year – Business Services."

Attack Overview

The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack on Inktel via their dark web leak site. The breach has compromised private and personal confidential data, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data. The scope of the data affected underscores the severity of the breach.

About the Play Ransomware Group

Active since June 2022, the Play ransomware group initially focused on Latin America but has since expanded its operations to North America, South America, and Europe. The group targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. Play ransomware uses various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz for privilege escalation and uses custom tools to enumerate users and computers on compromised networks.

Penetration Methods

Play ransomware likely penetrated Inktel's systems through a combination of exploiting known vulnerabilities and using valid accounts, including VPN accounts that may have been reused or illicitly acquired. The group is known for using scheduled tasks and PsExec for execution and persistence, as well as tools to disable antimalware and monitoring solutions. The ransomware group posts information about their attacks and victims on their official data leak site, directing victims to contact them via email for ransom negotiations.

Sources

• Inktel Contact Center Solutions
• Inktel - Wikipedia
• SOCRadar - Play Ransomware
• Cyberint - Play Ransomware
• Proven Data - Play Ransomware