ProMotion Holdings Hit by Play Group's Ransomware Attack

Incident Date: June 23, 2024

Overview

Title: ProMotion Holdings Hit by Play Group's Ransomware Attack

Victim: ProMotion Holdings

Attacker: Play

Location: Seattle, USA; Washington, USA

First Reported: June 23, 2024

Ransomware Attack on ProMotion Holdings by Play Group

Company Profile: ProMotion Holdings

ProMotion Holdings, officially registered as PROMOTION HOLDINGS, LLC, is a prominent provider in the communications consulting and content technology solutions sector. Headquartered in Seattle, Washington, the company specializes in high-tech and remote depositions, legal video, and video-conferencing services, primarily in the Seattle, Tacoma, and Spokane areas. With an estimated annual revenue between $10 million and $50 million, ProMotion Holdings stands out in the industry for its integration of technology with talent, offering unique solutions such as virtual events, media production, and comprehensive event management.

Details of the Ransomware Attack

The Play ransomware group, known for its Linux-targeting ransomware derived from Babuk code, has claimed responsibility for the attack on ProMotion Holdings. The breach resulted in the compromise of sensitive data including client documents, payroll, accounting records, contracts, and financial information. This attack not only disrupts the company's operations but also poses significant risks to client confidentiality and business integrity.

Profile of the Play Ransomware Group

The Play ransomware group, operated by Ransom House, has evolved from merely stealing data to using cryptographic lockers, specifically targeting Linux systems. Their operational tactics include the use of sophisticated encryption methods and detailed ransom notes that guide victims on how to proceed. This group's focus on Linux systems and their methodical approach to victim communication distinguish them in the cybercrime landscape.

Potential Vulnerabilities and System Penetration

Given ProMotion Holdings' extensive use of technology for remote communications and content delivery, it is plausible that their systems might have been particularly vulnerable to the Linux-focused Play ransomware. The initial penetration could have involved exploitation of unpatched vulnerabilities or phishing attacks aimed at employees, a common entry point for ransomware.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.