Ransomware Attack Hits Odyssey Fitness Center: Play Group Involved

Incident Date: July 25, 2024

Overview

Victim: Odyssey Fitness Center

Attacker: Play

Location: Wilkes-Barre, Pennsylvania, USA

First Reported: July 25, 2024

Ransomware Attack on Odyssey Fitness Center by Play Ransomware Group

Overview of Odyssey Fitness Center

Odyssey Fitness Center, located in Wilkes-Barre, Pennsylvania, is a prominent fitness facility catering to a diverse clientele. As the largest gym in Luzerne and Lackawanna counties, it offers a wide range of amenities, including advanced cardio machines, strength training equipment, and over 100 weekly classes. The center also features a 6,000-square-foot Sports Performance Area, a pool, steam room, and whirlpool. Additionally, Odyssey provides childcare services and personalized training programs, emphasizing community engagement and personalized fitness solutions.

Details of the Ransomware Attack

On July 26, 2024, Odyssey Fitness Center became the target of a ransomware attack orchestrated by the Play ransomware group. The attack compromised the center's website, odysseyfitnesscenter.com, raising concerns about the security of personal and health-related information of its clients. The exact size of the data leak remains unknown, but the incident highlights the increasing threat of ransomware to businesses in the health and fitness sector.

About the Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. Play targets a diverse range of industries, including IT, transportation, construction, government entities, and critical infrastructure. The group is known for using various methods to gain entry into networks, such as exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities.

Attack Methods and Penetration Techniques

Play ransomware employs several techniques to execute its attacks. The group uses scheduled tasks, PsExec, and Group Policy Objects to distribute ransomware executables within the internal network. They maintain persistence through scheduled tasks and PsExec, and escalate privileges using tools like Mimikatz. To evade detection, Play disables antimalware and monitoring solutions using tools such as Process Hacker and GMER. The group also uses custom tools to enumerate users and computers on compromised networks and copy files from the Volume Shadow Copy Service.
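
The following detection example is added here and is not from the original report. It matches process-creation events against the tools named above and alerts only when a single host shows several distinct behaviours within one hour, which keeps routine use of schtasks or PsExec from alerting on its own. The event fields (host, ts, image, cmd), the regex patterns, and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Tool use the paragraph above attributes to Play, grouped by purpose.
# Patterns are assumptions made for this example, not vendor signatures.
RULES = {
    "lateral_movement": re.compile(r"\bpsexe(c|svc)(64)?\.exe", re.I),
    "persistence": re.compile(r"\bschtasks(\.exe)?\b.*/create", re.I),
    "credential_access": re.compile(r"mimikatz", re.I),
    "defense_evasion": re.compile(r"\b(processhacker|gmer)\.exe", re.I),
    "shadow_copy_access": re.compile(r"HarddiskVolumeShadowCopy\d+", re.I),
}

def classify(event):
    """Return the set of rule names matched by one process-creation event."""
    text = f'{event["image"]} {event["cmd"]}'
    return {name for name, rx in RULES.items() if rx.search(text)}

def correlate(events, window=3600, threshold=3):
    """Alert on hosts showing >= threshold distinct behaviours within window seconds."""
    hits = defaultdict(list)  # host -> [(timestamp, rule name)]
    for ev in events:
        for name in classify(ev):
            hits[ev["host"]].append((ev["ts"], name))
    alerts = {}
    for host, seen in hits.items():
        for start, _ in sorted(seen):
            names = {n for ts, n in seen if start <= ts < start + window}
            if len(names) >= threshold:
                alerts[host] = sorted(names)
                break
    return alerts

# Constructed sample events (epoch-second offsets); not taken from this incident.
SAMPLE = [
    {"host": "FS01", "ts": 0, "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r"schtasks /create /tn upd /tr C:\Users\Public\u.exe /sc onstart"},
    {"host": "FS01", "ts": 600, "image": r"C:\Windows\PSEXESVC.exe", "cmd": "PSEXESVC.exe"},
    {"host": "FS01", "ts": 1200, "image": r"C:\Users\Public\ProcessHacker.exe", "cmd": "ProcessHacker.exe"},
    {"host": "WS07", "ts": 100, "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": "schtasks /create /tn backup /tr backup.cmd /sc daily"},
    {"host": "WS09", "ts": 0, "image": r"C:\Tools\PsExec64.exe", "cmd": r"PsExec64.exe \\WS10 ipconfig"},
    {"host": "WS09", "ts": 9000, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"cmd /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Data\r.xlsx C:\t"},
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

In production the same logic would read Sysmon Event ID 1 or Windows Security 4688 records, and the window and threshold would be tuned against the environment's normal administrative activity.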

Vulnerabilities and Impact

Odyssey Fitness Center's vulnerabilities likely stem from inadequate cybersecurity measures, making it an attractive target for threat actors like Play. The attack underscores the importance of robust cybersecurity practices, especially for businesses handling sensitive personal and health-related information. The incident serves as a stark reminder of the growing threat of ransomware and the need for comprehensive security strategies to protect against such attacks.
