Pacific Coast Building Products Hit by Play Ransomware Attack

Incident Date: September 20, 2024

Overview

Victim: Pacific Coast Building Products

Attacker: Play

Location: Rancho Cordova, California, USA

First Reported: September 20, 2024

Play Ransomware Group Targets Pacific Coast Building Products

Pacific Coast Building Products, Inc. (PCBP), a prominent player in the wholesale building materials industry, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This breach has resulted in the unauthorized access and potential exfiltration of a wide array of sensitive data, significantly impacting the company's operations and financial stability.

About Pacific Coast Building Products

Founded in 1953 by Fred Anderson in Sacramento, California, PCBP has grown from its origins as Anderson Lumber to become a major holding company in the building materials sector. The company operates through several subsidiaries, including Basalite Building Products, PABCO Building Products, and Pacific Coast Supply, managing over 80 locations across various states such as California, Hawaii, and Oklahoma. Under the leadership of Ryan Lucchetti, who became President and CEO in 2021, PCBP continues to emphasize quality products, exceptional service, and strong relationships.

Attack Overview

The Play ransomware group has claimed responsibility for the attack on PCBP via their dark web leak site. The breach has compromised a wide range of sensitive information, including private and personal confidential data, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data. The extent of the data breach underscores the severity of the attack, affecting both the operational and financial aspects of the company.

About the Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. It targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure.

Attack Methods and Penetration

The Play ransomware group employs various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. It uses tools like Mimikatz for privilege escalation and custom tools to enumerate users and computers on compromised networks. The group is known for its minimalistic ransom notes, which direct victims to contact it via email without an initial ransom demand.

Vulnerabilities and Impact

PCBP's extensive operations and the diverse range of subsidiaries make it a lucrative target for ransomware groups like Play. The company's reliance on interconnected systems and vast amounts of sensitive data further increases its vulnerability. The breach has not only compromised critical data but also poses a significant threat to the company's reputation and financial health.
