Play Ransomware Hits Omicron Granite & Tile, Exposing Client Data

Incident Date: August 29, 2024

Overview

Victim: Omicron Granite & Tile

Attacker: Play

Location: Vacaville, USA; California, USA

First Reported: August 29, 2024

Ransomware Attack on Omicron Granite & Tile by Play Ransomware Group

Omicron Granite & Tile, a leading supplier and importer of natural stone products in Florida, has recently been targeted by the Play ransomware group. The attack has compromised sensitive data, including client documents, contracts, IDs, and financial information, posing significant risks to the company's operations and its clients' privacy.

About Omicron Granite & Tile

Established in 2000, Omicron Granite & Tile is the largest wholesale importer of natural stone in Florida. The company specializes in a wide array of materials such as granite, marble, onyx, and travertine. With multiple locations, including Pompano Beach and Fort Myers, Omicron Granite & Tile serves a diverse clientele that includes interior designers, kitchen and bath designers, fabricators, builders, contractors, architects, cabinetmakers, and homeowners. The company also offers services such as countertop installation and custom countertops, ensuring they meet the specific needs of their clients.

Attack Overview

The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack on Omicron Granite & Tile. The group has been active since June 2022 and has targeted a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The attack on Omicron Granite & Tile has compromised private and personal confidential data, including client documents, contracts, IDs, and financial information.

About Play Ransomware Group

The Play ransomware group distinguishes itself by using various methods to gain entry into a network, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group uses tools like Mimikatz to extract high-privilege credentials and escalate privileges. It also employs tools such as Process Hacker, GMER, and IObit to disable antimalware and monitoring solutions. Unlike typical ransomware groups, Play does not include an initial ransom demand or payment instructions in its ransom notes. Instead, victims are directed to contact the threat actors via email.

Potential Vulnerabilities

Omicron Granite & Tile's extensive operations and large customer base make it a lucrative target for ransomware groups. The company's reliance on digital systems for managing client information, contracts, and financial data could have made it vulnerable to cyberattacks. The Play ransomware group may have penetrated the company's systems through exploited vulnerabilities in RDP servers, FortiOS, or Microsoft Exchange, or by using valid accounts, including VPN accounts that may have been reused or illicitly acquired.
