Play Ransomware Hits Gateway Extrusions: Data Compromised

Incident Date: July 25, 2024

Overview

Victim: Gateway Extrusions

Attacker: Play

Location: Union, USA; Missouri, USA

First Reported: July 25, 2024

Ransomware Attack on Gateway Extrusions by Play Ransomware Group

Overview of Gateway Extrusions

Gateway Extrusions, Ltd., based in Union, Missouri, is a specialized manufacturer in the aluminum extrusion industry. The company employs approximately 102 individuals and generates an estimated revenue of $23 million. Gateway Extrusions is known for its comprehensive aluminum extrusion services, which include design, production, finishing, and packaging. The company operates 11 extrusion lines running 24 hours a day, five days a week, ensuring high output and efficiency. Its commitment to quality and customer service is evident through stringent quality control measures and customer engagement initiatives.

Details of the Ransomware Attack

Gateway Extrusions recently fell victim to a ransomware attack orchestrated by the Play ransomware group. The breach compromised a significant amount of sensitive information, including private and personal confidential data, client documents, budget details, payroll records, accounting information, contracts, tax documents, IDs, and financial information. This attack has potentially severe implications for the company's operations and the privacy of its clients.

About the Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022. Initially targeting Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware is known for targeting a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group employs various methods to gain entry into networks, such as exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. They use tools like Mimikatz for privilege escalation and custom tools for network enumeration and data theft.

Penetration and Impact

The Play ransomware group likely penetrated Gateway Extrusions' systems through vulnerabilities in the company's network infrastructure. The group uses scheduled tasks, PsExec, and Group Policy Objects to distribute ransomware executables within the internal network. It also employs tools to disable antimalware and monitoring solutions, making it challenging for the company to detect and mitigate the attack. The breach has resulted in the exposure of critical data, posing significant risks to the company's operations and client trust.
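Detection logic for the distribution pattern described above, as an added example (not code from the original page or from any vendor): it flags hosts where a PsExec service install, scheduled-task creation and Microsoft Defender real-time protection being disabled occur close together. The event IDs are standard Windows ones rather than details of this incident, Group Policy distribution is not covered, and the hosts and events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DEFENDER = "Microsoft-Windows-Windows Defender/Operational"
# (channel, event ID) -> signal. Standard Windows event IDs, not from the page.
SIGNALS = {
    ("System", 7045): "service_install",         # a service was installed
    ("Security", 4698): "task_created",          # a scheduled task was created
    (DEFENDER, 5001): "av_realtime_disabled",    # real-time protection disabled
}

def classify(ev):
    """Map one event to a signal name, or None if it is not of interest."""
    sig = SIGNALS.get((ev["channel"], ev["event_id"]))
    if sig == "service_install":
        # PsExec registers a service named PSEXESVC; other installs are ignored.
        return "psexec_service" if "PSEXESVC" in ev["detail"].upper() else None
    return sig

def correlate(events, window=timedelta(minutes=30), min_signals=2):
    """Return {host: sorted signals} for hosts with at least min_signals
    distinct signals inside one time window (largest such set per host)."""
    per_host = defaultdict(list)
    for ev in events:
        sig = classify(ev)
        if sig:
            per_host[ev["host"]].append((datetime.fromisoformat(ev["time"]), sig))
    flagged = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {s for t, s in hits[i:] if t - start <= window}
            if len(seen) >= min_signals and len(seen) > len(flagged.get(host, [])):
                flagged[host] = sorted(seen)
    return flagged

def make_event(time, host, channel, event_id, detail):
    return dict(time=time, host=host, channel=channel, event_id=event_id, detail=detail)

# Constructed sample events (hypothetical hosts; not data from this incident).
SAMPLE = [
    make_event("2024-01-10T02:10:00", "FS01", DEFENDER, 5001, "Real-time protection disabled"),
    make_event("2024-01-10T02:14:00", "FS01", "System", 7045, "Service Name: PSEXESVC"),
    make_event("2024-01-10T02:20:00", "FS01", "Security", 4698, "Task Name: \\upd"),
    make_event("2024-01-10T09:00:00", "WS07", "System", 7045, "Service Name: PSEXESVC"),
    make_event("2024-01-10T03:00:00", "WS09", "Security", 4698, "Task Name: \\backup"),
    make_event("2024-01-10T08:00:00", "WS09", DEFENDER, 5001, "Real-time protection disabled"),
    make_event("2024-01-10T02:15:00", "APP02", "System", 7045, "Service Name: VendorUpdater"),
]
```

A single signal, such as an administrator's one-off PsExec session on WS07, does not flag a host; only the combination within the window does.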
