Ransomware Attack Hits Jackson Paper Manufacturing in North Carolina

Incident Date:

September 20, 2024

World map

Overview

Title

Ransomware Attack Hits Jackson Paper Manufacturing in North Carolina

Victim

Jackson Paper Manufacturing

Attacker

Play

Location

Sylva, USA

North Carolina, USA

First Reported

September 20, 2024

Ransomware Attack on Jackson Paper Manufacturing by Play Ransomware Group

Jackson Paper Manufacturing, a leading producer of recycled containerboard based in Sylva, North Carolina, has been targeted by the Play ransomware group. The attack was disclosed on September 23, 2024, via the group's dark web leak site.

About Jackson Paper Manufacturing

Established in 1995, Jackson Paper Manufacturing is a prominent player in the recycled paper industry. The company operates a facility that transitioned to producing 100% recycled paper in the 1980s. Jackson Paper is recognized for its commitment to sustainability, employing a closed-loop system that eliminates wastewater discharge and using wood waste as fuel instead of fossil fuels. The company is the largest private employer in Sylva, supporting hundreds of jobs and collaborating with over 30 wood product manufacturers in the region.

Attack Overview

The Play ransomware group claimed responsibility for the attack on Jackson Paper Manufacturing. The extent of the data leak remains undetermined. The attack highlights the vulnerabilities in the manufacturing sector, particularly for companies like Jackson Paper that rely heavily on digital systems for their operations.

About Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022. Initially targeting Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange. The group uses custom tools and techniques to gain access, execute code, and maintain persistence on compromised systems.

Penetration Methods

Play ransomware likely penetrated Jackson Paper's systems through vulnerabilities in remote access protocols or unpatched software. The group is adept at using tools like Mimikatz for credential extraction and employs methods to disable antimalware solutions, making it challenging for companies to detect and mitigate the attack promptly.

Impact on Jackson Paper Manufacturing

The ransomware attack on Jackson Paper Manufacturing underscores the growing threat to the manufacturing sector. As a company deeply integrated into the local economy and committed to sustainability, the impact of such an attack can be far-reaching, affecting not only the company's operations but also the community it supports.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.