InteriorWorx Commercial Flooring Faces Ransomware Threat

Incident Date: September 29, 2024

Overview

Victim: InteriorWorx Commercial Flooring

Attacker: Play

Location: Tempe, USA; Arizona, USA

First Reported: September 29, 2024

Ransomware Attack on InteriorWorx Commercial Flooring by Play Group

InteriorWorx Commercial Flooring, a prominent player in the commercial flooring industry, has recently been targeted by the Play ransomware group. The attack, discovered on September 30, has raised concerns about the security measures in place at the company, which is known for its specialized flooring solutions tailored to various commercial sectors.

Company Profile and Industry Standing

Based in Tempe, Arizona, InteriorWorx Commercial Flooring, operating under the registered name ReSource Arizona LLC, has over 35 years of experience in the construction sector. The company employs between 51 and 100 individuals and generates an estimated annual revenue of $5.1 million. InteriorWorx is distinguished by its collaborative approach, offering expert consultation and a wide range of flooring solutions, including resilient flooring, concrete finishing, and ceramic tiling. Its commitment to understanding the unique needs of different commercial environments, such as healthcare and education, sets it apart in the industry.

Details of the Ransomware Attack

The Play ransomware group, active since June 2022, has claimed responsibility for the attack on InteriorWorx. Known for targeting diverse industries, including construction, the group has expanded its operations across North America, South America, and Europe. The attack on InteriorWorx highlights the vulnerabilities that construction companies face, particularly those with significant digital footprints and reliance on networked systems for project management and client interactions.

Play Ransomware Group's Modus Operandi

Play ransomware is notorious for its sophisticated attack methods, often exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange. The group uses tools like Mimikatz for privilege escalation and employs custom tools to enumerate network users and computers. Their attacks are characterized by the use of scheduled tasks and PsExec for persistence, and they often disable antimalware solutions to evade detection. Unlike typical ransomware groups, Play does not include an initial ransom demand in their notes, directing victims to contact them via email instead.
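The behaviours named above (PsExec use, scheduled tasks, disabled antimalware) can be correlated per host in exported Windows event records. The following is an added example, not part of the original report or any vendor tooling. It assumes standard Windows event IDs (7045, 4698, 5001) and a hypothetical record layout, and all sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed Windows event IDs (standard logging, not taken from the report):
#   System 7045   - service installed (PsExec registers PSEXESVC by default;
#                   the name can be changed, so treat this match as a floor)
#   Security 4698 - scheduled task created
#   Defender 5001 - real-time protection disabled
DEFENDER = "Microsoft-Windows-Windows Defender/Operational"
RULES = {
    ("System", 7045): ("psexec_service",
                       lambda d: "psexesvc" in d.get("ServiceName", "").lower()),
    ("Security", 4698): ("scheduled_task_created", lambda d: True),
    (DEFENDER, 5001): ("defender_rtp_disabled", lambda d: True),
}

# Constructed sample records in a hypothetical export layout.
SAMPLE_EVENTS = [
    {"host": "FS01", "time": "2024-01-01T02:10:00", "channel": "System", "event_id": 7045, "data": {"ServiceName": "PSEXESVC"}},
    {"host": "FS01", "time": "2024-01-01T02:14:00", "channel": DEFENDER, "event_id": 5001, "data": {}},
    {"host": "FS01", "time": "2024-01-01T02:20:00", "channel": "Security", "event_id": 4698, "data": {"TaskName": "\\Task1"}},
    {"host": "WS07", "time": "2024-01-01T09:00:00", "channel": "Security", "event_id": 4698, "data": {"TaskName": "\\Backup"}},
    {"host": "WS09", "time": "2024-01-01T10:00:00", "channel": "System", "event_id": 7045, "data": {"ServiceName": "Updater"}},
    {"host": "APP02", "time": "2024-01-01T01:00:00", "channel": "Security", "event_id": 4698, "data": {}},
    {"host": "APP02", "time": "2024-01-01T06:00:00", "channel": DEFENDER, "event_id": 5001, "data": {}},
]

def match(ev):
    """Return the behaviour label for one record, or None if no rule applies."""
    rule = RULES.get((ev["channel"], ev["event_id"]))
    if rule and rule[1](ev.get("data", {})):
        return rule[0]
    return None

def hosts_to_escalate(events, window=timedelta(hours=1), threshold=2):
    """Map host -> behaviours when >= threshold distinct ones fall in one window."""
    per_host = defaultdict(list)
    for ev in events:
        label = match(ev)
        if label:
            per_host[ev["host"]].append((datetime.fromisoformat(ev["time"]), label))
    flagged = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {label for t, label in hits[i:] if t - start <= window}
            if len(seen) >= threshold:
                flagged[host] = sorted(seen)
                break
    return flagged

if __name__ == "__main__":
    print(hosts_to_escalate(SAMPLE_EVENTS))
```

A single scheduled-task or service event is routine administration; the correlation within a short window is what separates the constructed FS01 sequence from the other hosts.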

Potential Vulnerabilities and Impact

The attack on InteriorWorx underscores the importance of effective cybersecurity measures in the construction sector. Companies like InteriorWorx, which rely heavily on digital systems for project management and client engagement, are particularly vulnerable to ransomware attacks. The breach's impact on InteriorWorx's operations and client data remains to be fully assessed, but it serves as a stark reminder of the evolving threat landscape faced by businesses today.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.