Mill Creek Lumber Hit by Play Ransomware: Impact on Operations and Security

Incident Date: August 15, 2024

Overview

Victim: Mill Creek Lumber

Attacker: Play

Location: Tulsa, USA; Oklahoma, USA

First Reported: August 15, 2024

Ransomware Attack on Mill Creek Lumber by Play Group

Mill Creek Lumber, a prominent supplier of building materials in the construction sector, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This incident underscores the increasing threat of cyberattacks on businesses, particularly those in critical infrastructure sectors.

About Mill Creek Lumber

Mill Creek Lumber is a comprehensive supplier of building materials, specializing in engineered wood products and services tailored for the construction industry. Their offerings include engineered wood beams, joists, and panels, which are designed to meet the needs of both residential and commercial construction projects. The company emphasizes the use of engineered wood, recognized for its strength, durability, and environmental benefits. These products are manufactured from renewable resources, contributing to sustainable building practices.

In addition to supplying materials, Mill Creek Lumber offers technical support and resources for builders and architects. This includes construction guides, installation instructions, and design assistance, ensuring that projects are completed efficiently and to high standards. Their commitment to quality is evident in their collaborations with organizations like the APA – The Engineered Wood Association.

Attack Overview

The ransomware attack on Mill Creek Lumber has significantly impacted the company's operations. The Play ransomware group, also known as PlayCrypt, claimed responsibility for the attack via their dark web leak site. The group has been active since June 2022 and has targeted a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure.

About the Play Ransomware Group

The Play ransomware group initially focused on Latin America but later expanded to North America, South America, and Europe. They use various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz for privilege escalation and uses custom tools to enumerate users and computers on compromised networks.

Play ransomware distinguishes itself by not including an initial ransom demand or payment instructions in its ransom notes. Instead, victims are directed to contact the threat actors via email. The group has impacted over 300 entities, including businesses and critical infrastructure across multiple regions.

Potential Vulnerabilities

Mill Creek Lumber's extensive digital infrastructure, which includes detailed specifications and performance ratings for their products, technical support resources, and collaborations with industry organizations, may have made them a target for threat actors. The company's reliance on digital systems for operations and customer support could have provided multiple entry points for the ransomware group.
