Inktel Contact Center Solutions Hit by Play Ransomware Attack

Incident Date: September 18, 2024

Victim: Inktel Contact Center Solutions

Attacker: Play

Location: Doral, Florida, USA

First Reported: September 18, 2024

Ransomware Attack on Inktel Contact Center Solutions by Play Ransomware Group

Inktel Contact Center Solutions, a prominent business process outsourcer (BPO) headquartered in Miami, Florida, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This breach has resulted in the unauthorized access and potential exfiltration of a wide array of sensitive data, posing significant risks to both the company and its clients.

About Inktel Contact Center Solutions

Founded in 1997, Inktel Contact Center Solutions specializes in providing comprehensive customer support services. The company serves a diverse clientele, including Fortune 500 companies, government agencies, and non-profit organizations. Inktel's service offerings extend beyond traditional call center operations to include fulfillment services, direct mail, e-commerce solutions, data management, social media management, and graphic design. The company employs approximately 953 individuals and generates an annual revenue of around $102.5 million.

Inktel distinguishes itself through its high-touch engagement approach, which emphasizes personalized customer service. The company utilizes advanced technology and proven methodologies to ensure world-class service. Notable clients include Louis Vuitton, Sephora, Goodyear Tire, and Kellogg's. Inktel's commitment to employee satisfaction has earned it accolades such as the "Best Company to Work For" in Florida in 2009 and a Silver Award at the 2018 Stevie Awards for "Employer of the Year – Business Services."

Attack Overview

The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack on Inktel via their dark web leak site. The breach has compromised private and personal confidential data, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data. The scope of the data affected underscores the severity of the breach.

About the Play Ransomware Group

Active since June 2022, the Play ransomware group initially focused on Latin America but has since expanded its operations to North America, South America, and Europe. The group targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. Play ransomware uses various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz for privilege escalation and uses custom tools to enumerate users and computers on compromised networks.

Penetration Methods

Play ransomware likely penetrated Inktel's systems through a combination of exploiting known vulnerabilities and using valid accounts, including VPN accounts that may have been reused or illicitly acquired. The group is known for using scheduled tasks and PsExec for execution and persistence, as well as tools to disable antimalware and monitoring solutions. The ransomware group posts information about their attacks and victims on their official data leak site, directing victims to contact them via email for ransom negotiations.
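The PsExec and scheduled-task behavior described above can be hunted for in Windows event logs. The following is an added example, not part of the original report and not based on Inktel's logs: it flags scheduled tasks created shortly after a PsExec service install on the same host. The record layout, host names, accounts and the 15-minute window are assumptions; event IDs 7045 and 4698 and the default service name PSEXESVC are the standard Windows and Sysinternals values.

```python
from datetime import datetime, timedelta

# Constructed sample records (not from the Inktel incident). Event IDs are the
# standard Windows ones: 7045 = service installed, 4698 = scheduled task created.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T02:10:05", "host": "FS01", "event_id": 7045,
     "service": "PSEXESVC", "path": r"%SystemRoot%\PSEXESVC.exe", "user": "CORP\\svc-backup"},
    {"time": "2024-01-10T02:12:40", "host": "FS01", "event_id": 4698,
     "task": r"\Updater", "user": "CORP\\svc-backup"},
    {"time": "2024-01-10T09:00:00", "host": "WS22", "event_id": 4698,
     "task": r"\Vendor\DailySync", "user": "CORP\\alice"},
    {"time": "2024-01-10T11:30:00", "host": "DC01", "event_id": 7045,
     "service": "PSEXESVC", "path": r"%SystemRoot%\PSEXESVC.exe", "user": "CORP\\admin-jo"},
    {"time": "2024-01-10T14:45:00", "host": "DC01", "event_id": 4698,
     "task": r"\Maint", "user": "CORP\\admin-jo"},
]

def is_psexec_install(ev):
    """Service install whose name or binary path is PsExec's default (PSEXESVC).
    A renamed service (PsExec's -r option) will not match this check."""
    if ev["event_id"] != 7045:
        return False
    text = (ev.get("service", "") + " " + ev.get("path", "")).lower()
    return "psexesvc" in text

def correlate(events, window=timedelta(minutes=15)):
    """Return (host, user, task, seconds_between) for every scheduled task
    created on a host within `window` after a PsExec service install there."""
    ordered = sorted(events, key=lambda e: e["time"])  # ISO timestamps sort as text
    last_install = {}  # host -> time of most recent PsExec service install
    alerts = []
    for ev in ordered:
        ts = datetime.fromisoformat(ev["time"])
        if is_psexec_install(ev):
            last_install[ev["host"]] = ts
        elif ev["event_id"] == 4698 and ev["host"] in last_install:
            gap = ts - last_install[ev["host"]]
            if gap <= window:
                alerts.append((ev["host"], ev["user"], ev["task"], int(gap.total_seconds())))
    return alerts

if __name__ == "__main__":
    for host, user, task, gap in correlate(SAMPLE_EVENTS):
        print(f"ALERT {host}: task {task} created by {user} {gap}s after PsExec service install")
```

Legitimate administration also uses PsExec and scheduled tasks, so hits from this correlation need review against known admin accounts and change windows before escalation.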
