Play Ransomware Group Targets Celluphone, Inc., Compromising Sensitive Data

Incident Date: June 13, 2024

Overview

Title: Play Ransomware Group Targets Celluphone, Inc., Compromising Sensitive Data
Victim: Celluphone, Inc.
Attacker: Play
Location: Cerritos, USA; California, USA
First Reported: June 13, 2024

Ransomware Attack on Celluphone, Inc. by Play Ransomware Group

Overview of Celluphone, Inc.

Celluphone, Inc., based in Cerritos, California, is a prominent wholesale distributor of wireless equipment. Founded in 1983, the company has established itself as a master agent for various wireless carriers, facilitating the distribution of smartphones, tablets, and accessories to retailers. With an annual revenue of $145.5 million and a workforce of 42 employees, Celluphone supports several hundred active dealers across the United States. The company is renowned for its comprehensive support services, including sales training, marketing support, and technical assistance.

Details of the Ransomware Attack

Celluphone, Inc. recently fell victim to a ransomware attack orchestrated by the Play ransomware group. The attack resulted in the compromise of sensitive data, including private and personal confidential information, client documents, budget details, payroll records, accounting data, contracts, tax information, IDs, and financial records. The breach was publicly claimed by the Play group on their dark web leak site, highlighting the severity of the incident.

About the Play Ransomware Group

The Play ransomware group is a significant player in the cybercrime landscape, known for targeting Linux systems. Originating from the Babuk code, Play ransomware has evolved to deploy cryptographic lockers, focusing on ESXi environments. The group is operated by Ransom House and has been active since 2021. Play ransomware is characterized by its unique verbose ransom notes and the use of various hack tools and utilities to achieve initial access and maintain persistence within compromised networks.

Potential Vulnerabilities and Attack Penetration

Celluphone's role as a master agent in the telecommunications sector involves handling vast amounts of sensitive data, making it an attractive target for ransomware groups. The Play ransomware group likely exploited vulnerabilities in Celluphone's network security, potentially through phishing attacks, unpatched software, or weak access controls. The group's sophisticated tactics, including the use of AnyDesk, NetCat, and encoded PowerShell Empire scripts, suggest a well-coordinated effort to infiltrate and compromise Celluphone's systems.
