Omega Industries Hit by Play Ransomware Compromising Sensitive Data
Ransomware Attack on Omega Industries by Play Ransomware Group
Omega Industries, a leading manufacturer in the industrial sector, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. The attack has compromised a significant amount of sensitive data, including private and personal confidential information, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data.
About Omega Industries
Omega Industries is a prominent player in the manufacturing sector, primarily recognized as the largest main line crossing supplier in the United States. The company specializes in manufacturing a wide range of products, including dredging and steel fabricated goods, essential for various infrastructure projects. With manufacturing facilities strategically located in Vancouver, Washington; Sherman, Texas; Bakersfield, California; and South Sioux City, Nebraska, Omega Industries is well-equipped to handle demanding projects across the nation. Their commitment to exceptional customer service and high-quality products underscores their operational philosophy, aiming to meet the diverse needs of their clientele effectively.
Attack Overview
The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack on Omega Industries. The attackers have compromised a wide array of sensitive data, potentially jeopardizing the privacy and security of both the company and its clients. The breach has exposed critical information, including private and personal confidential information, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data.
About Play Ransomware Group
The Play ransomware group has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focused on Latin America, particularly Brazil, the group has expanded its operations to North America, South America, and Europe. The group targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure.
Attack Methods
Play ransomware uses various methods to gain entry into a network, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz to extract high-privilege credentials and escalate privileges. They also use custom tools to enumerate all users and computers on a compromised network and to copy files from the Volume Shadow Copy Service (VSS). The ransomware executes its code using scheduled tasks and PsExec, and it relies on the same two mechanisms to maintain persistence on compromised systems.
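Three of the behaviours described above (PsExec's service install, scheduled-task creation, and file reads from shadow-copy device paths) leave records in Windows event logs that defenders can hunt for. The following Python is an added example, not part of the original article; the event records are constructed, and the user-writable-path heuristic and the two-rule threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample records (not from the incident): simplified fields from
# Windows event IDs 7045 (service installed), 4698 (scheduled task created)
# and 4688 (process created, with command-line auditing enabled).
SAMPLE_EVENTS = [
    {"EventID": 4688, "Computer": "WS01", "CommandLine": r"notepad.exe C:\docs\report.txt"},
    {"EventID": 7045, "Computer": "FS02", "ServiceName": "PSEXESVC",
     "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"EventID": 4698, "Computer": "FS02", "TaskName": r"\Updater",
     "TaskContent": r"<Command>C:\Users\Public\run.exe</Command>"},
    {"EventID": 4688, "Computer": "FS02", "CommandLine":
     r"cmd /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Data\payroll.xlsx C:\temp"},
    {"EventID": 4698, "Computer": "WS01", "TaskName": r"\Microsoft\Office\Sync",
     "TaskContent": r"<Command>C:\Program Files\Office\sync.exe</Command>"},
]

# Assumption: tasks launching binaries from these user-writable folders are suspicious.
USER_WRITABLE = re.compile(r"\\(users\\public|temp|appdata|programdata)\\", re.I)

def classify(event):
    """Return the name of the hunting rule an event matches, or None."""
    eid = event.get("EventID")
    if eid == 7045:  # PsExec installs a service named PSEXESVC on the target host
        blob = event.get("ServiceName", "") + " " + event.get("ImagePath", "")
        if "psexesvc" in blob.lower():
            return "psexec_service"
    elif eid == 4698 and USER_WRITABLE.search(event.get("TaskContent", "")):
        return "task_from_user_writable_path"
    elif eid == 4688 and "harddiskvolumeshadowcopy" in event.get("CommandLine", "").lower():
        return "shadow_copy_file_access"
    return None

def hosts_by_findings(events):
    """Map each host to the sorted list of distinct rules it triggered."""
    hits = {}
    for ev in events:
        rule = classify(ev)
        if rule:
            hits.setdefault(ev.get("Computer", "unknown"), set()).add(rule)
    return {host: sorted(rules) for host, rules in hits.items()}

def priority_hosts(events, threshold=2):
    """Hosts with at least `threshold` distinct rule hits (assumed triage cut-off)."""
    return sorted(h for h, r in hosts_by_findings(events).items() if len(r) >= threshold)

if __name__ == "__main__":
    print(hosts_by_findings(SAMPLE_EVENTS))
    print("investigate first:", priority_hosts(SAMPLE_EVENTS))
```

Each rule also fires on legitimate administration, PsExec use by IT staff in particular, so the per-host combination of rules is the more useful signal than any single hit.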
Penetration of Omega Industries' Systems
Omega Industries' extensive network and diverse operations may have presented multiple entry points for the attackers. The company's reliance on interconnected systems across various manufacturing facilities could have made it vulnerable to exploitation. The Play ransomware group likely leveraged these vulnerabilities to infiltrate Omega Industries' systems and execute their attack.