Lightspeed Networks Ltd Targeted by Play Ransomware Group

Incident Date:

April 11, 2024

World map

Overview

Title

Lightspeed Networks Ltd Targeted by Play Ransomware Group

Victim

Lightspeed Networks

Attacker

Play

Location

Portland, USA

Oregon, USA

First Reported

April 11, 2024

Lightspeed Networks Ltd Targeted by Play Ransomware Group

Victim Profile

Lightspeed Networks Ltd, a medium-sized company operating in the Telecommunications sector, with a focus on providing fiber-optic bandwidth infrastructure services in the Pacific Northwest. LS Networks is an internet service provider catering rural areas with less than 100 staff & has around $55 M in revenue. Lightspeed Networks Ltd was incorporated on 2 September 2013.

Industry Standing

The telecommunications company stands out in the industry for its high-performance, dedicated connectivity fiber network that consistently performs and avoids oversubscription, with a service availability of 99.99%. The company's wide range of services includes internet service provision, unified communications, ethernet networks, and managed services. Notable customers include INSITU, Bend Parks and Recreation District, and Medford Radiology Group. This latter is an Oregon radiology practice that suffered a significant ransomware attack which received media coverage back in late May 2023.

Vulnerabilities

After months of weak performance against other compeeting companies in the same sector, Lightspeed Networks Ltd may have been targeted by threat actors like the Play Ransomware group due to known vulnerabilities involving gaining initial access through valid accounts. Play Ransomware actors exfiltrate data using tools like WinRAR and WinSCP, encrypting files with AES-RSA hybrid encryption.

Sources:

Lightspeed Networks Ltd Website

Endole - Lightspeed Networks Ltd Company Profile

IC3 - Play Ransomware Tactics

Proven Data - Play Ransomware Overview

Medford Radiology Group victims of cybersecurity event - KOBI-TV NBC5

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.