Play Group's Ransomware Attack Targets Innerspec Technologies

Incident Date: July 4, 2024

Overview

Title: Play Group's Ransomware Attack Targets Innerspec Technologies

Victim: Innerspec Technologies

Attacker: Play

Location: Forest, Virginia, USA

First Reported: July 4, 2024

Ransomware Attack on Innerspec Technologies by Play Group

Company Profile: Innerspec Technologies

Innerspec Technologies, a pioneer in the field of non-destructive testing (NDT), has been a significant player in the industry since its inception in 1989. Headquartered in Forest, Virginia, and Madrid, Spain, the company specializes in advanced NDT solutions, including Electro-Magnetic Acoustic Transducer (EMAT) technology. With hundreds of EMAT systems installed globally, Innerspec leads in providing innovative inspection solutions across various sectors such as aerospace, energy, and manufacturing. The company's dedication to research and development has positioned it at the forefront of NDT technology, focusing on high-power ultrasonic testing and electromagnetic techniques that cater to both metallic and non-metallic materials.

Details of the Ransomware Attack

The ransomware group Play, also known as PlayCrypt, has recently targeted Innerspec Technologies, marking a significant cybersecurity incident for the company. The attack was publicly claimed on Play's dark web leak site, indicating a deliberate attempt to undermine Innerspec's operations. This incident highlights the ongoing threats faced by companies in the manufacturing and technology sectors, where intellectual property and sensitive data are highly valuable to cybercriminals.

Profile of the Play Ransomware Group

Since its emergence in June 2022, Play has been active in the cybercrime arena, targeting a wide range of industries across multiple regions. The group is known for its methodical approach to infiltrating networks, exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange, among others. Play's operational tactics include the use of scheduled tasks, PsExec, and Group Policy Objects to execute and spread its ransomware within the victim's network. The group's distinctive strategy does not initially demand ransom; instead, it directs victims to contact the group via email, complicating the response and resolution process.
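For defenders, the execution and spreading tactics named above leave standard Windows event records: 7045 (service installed), 4698 (scheduled task created) and 5136 (directory object modified). The following is an added example, not code from this site or from any report on the incident; it flags a burst of such events across several hosts, and the record layout, host names, thresholds and sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: Windows events already parsed into dicts. The layout
# ("ts", "host", "id", "data") and all host names are assumptions.
SAMPLE = [
    {"ts": "2000-01-01T02:10:05", "host": "DC01", "id": 5136,
     "data": {"ObjectClass": "groupPolicyContainer"}},
    {"ts": "2000-01-01T02:14:11", "host": "WS-014", "id": 7045,
     "data": {"ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"}},
    {"ts": "2000-01-01T02:14:40", "host": "WS-022", "id": 7045,
     "data": {"ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"}},
    {"ts": "2000-01-01T02:16:02", "host": "FS-01", "id": 4698,
     "data": {"TaskName": r"\ExampleTask"}},
    {"ts": "2000-01-01T09:00:00", "host": "WS-014", "id": 7045,
     "data": {"ServiceName": "ExampleUpdater", "ImagePath": r"C:\Example\upd.exe"}},
    {"ts": "2000-01-01T15:30:00", "host": "WS-030", "id": 4698,
     "data": {"TaskName": r"\ExampleBackup"}},
]

def classify(ev):
    """Tag an event with the technique it may indicate, or None."""
    d = ev["data"]
    names = (d.get("ServiceName", "") + d.get("ImagePath", "")).lower()
    if ev["id"] == 7045 and "psexesvc" in names:   # default PsExec service name only
        return "psexec_service"
    if ev["id"] == 4698:                            # scheduled task created
        return "task_created"
    if ev["id"] == 5136 and d.get("ObjectClass") == "groupPolicyContainer":
        return "gpo_modified"                       # GPO object changed in AD
    return None

def gpo_changes(events):
    """GPO modifications, listed for manual review against change records."""
    return [(e["ts"], e["host"]) for e in events if classify(e) == "gpo_modified"]

def find_bursts(events, window_s=600, min_hosts=3):
    """Report windows in which execution events hit >= min_hosts distinct hosts."""
    hits = sorted((datetime.fromisoformat(e["ts"]), e["host"], tag) for e in events
                  if (tag := classify(e)) in ("psexec_service", "task_created"))
    bursts, i = [], 0
    while i < len(hits):
        end = hits[i][0] + timedelta(seconds=window_s)
        group = [h for h in hits[i:] if h[0] <= end]
        hosts = sorted({h[1] for h in group})
        if len(hosts) >= min_hosts:
            bursts.append({"start": hits[i][0].isoformat(), "hosts": hosts,
                           "tags": sorted({h[2] for h in group})})
        i += len(group) if len(hosts) >= min_hosts else 1
    return bursts
```

Scheduled task creation and PsExec use are also routine administration, so a burst is a triage signal to compare against change records, not a verdict.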

Potential Vulnerabilities and Entry Points

Innerspec Technologies, with its global presence and significant reliance on digital technology for R&D and operations, presents multiple potential vectors for cyber attacks. The sophisticated nature of Play's attack methods suggests that they could have exploited unpatched vulnerabilities or previously compromised credentials to gain access to Innerspec's networks. The integration of advanced technologies and the necessity for remote access in such a global company increase the risk of such breaches, particularly if not all endpoints are adequately secured.
