Lorenz attacks Wes-Tec Inc.

Incident Date: October 19, 2022


Overview

Title: Lorenz attacks Wes-Tec Inc.

Victim: Wes-Tec Inc.

Attacker: Lorenz

Location: Aliso Viejo, USA; California, USA

First Reported: October 19, 2022

Wes-Tec Inc. Suffers Ransomware Attack by Play Ransomware Group

Wes-Tec Inc., a company specializing in distributed networks and wireless integration services, has been targeted by the Play Ransomware group, as reported on their dark web leak site. The company, which operates in the telecommunications sector, has been impacted by the ransomware attack, which has resulted in the theft of private and confidential data, including client and employee information.

Company Overview

Wes-Tec Inc. is a company that offers turnkey commercial wireless and public safety integration services to carriers, neutral hosts, venue owners, and developers looking to deploy and/or maintain iDAS, oDAS, and/or small cell systems. The company has completed 1,000 LTE projects and has partnered with SOLiD to bring fully integrated commercial wireless, essential 2-Way Radio, and public safety solutions to Wes-Tec DAS deployments.

Company Size and Industry Standout

Wes-Tec Inc. is a WBENC Certified Company and has been recognized by Diversity Business as one of the Top 100 Woman Owned Businesses in California and one of the Top 500 Woman Owned Businesses Nationwide. The company's expertise in distributed networks and wireless integration services sets it apart in the telecommunications sector.

Vulnerabilities and Targeting

The Play Ransomware group, known for its use of AdFind, a command-line query tool capable of collecting information from Active Directory, gained initial access to Wes-Tec's network through exposed RDP servers and the FortiOS vulnerabilities CVE-2018-13379 and CVE-2020-12812. Once inside the network, the group used living-off-the-land binaries ("lolbins"), Group Policy Objects, scheduled tasks, PsExec, or wmic to distribute executables and gain full access to the internal network.

Mitigation Strategies

To mitigate the risks of ransomware attacks, companies should employ multifactor authentication, apply the least privilege principle, enable logical and physical network segmentation, deploy attack surface management, secure domain controllers, maintain offline and encrypted backups, and track security patches and software/OS updates.

The Play Ransomware group's attack on Wes-Tec Inc. highlights the importance of robust cybersecurity measures in the telecommunications sector. Companies must remain vigilant against ransomware threats and implement comprehensive security strategies to protect their networks and data.
