Ransomware Attack Hits Odyssey Fitness Center: Play Group Involved
Incident Date: July 25, 2024
Overview
Victim: Odyssey Fitness Center
Attacker: Play
Location:
First Reported: July 25, 2024
Ransomware Attack on Odyssey Fitness Center by Play Ransomware Group
Overview of Odyssey Fitness Center
Odyssey Fitness Center, located in Wilkes-Barre, Pennsylvania, is a prominent fitness facility catering to a diverse clientele. As the largest gym in Luzerne and Lackawanna counties, it offers a wide range of amenities, including advanced cardio machines, strength training equipment, and over 100 weekly classes. The center also features a 6,000-square-foot Sports Performance Area, a pool, steam room, and whirlpool. Additionally, Odyssey provides childcare services and personalized training programs, emphasizing community engagement and personalized fitness solutions.
Details of the Ransomware Attack
On July 26, 2024, Odyssey Fitness Center became the target of a ransomware attack orchestrated by the Play ransomware group. The attack compromised the center's website, odysseyfitnesscenter.com, raising concerns about the security of personal and health-related information of its clients. The exact size of the data leak remains unknown, but the incident highlights the increasing threat of ransomware to businesses in the health and fitness sector.
About the Play Ransomware Group
The Play ransomware group, also known as PlayCrypt, has been active since June 2022. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. Play targets a diverse range of industries, including IT, transportation, construction, government entities, and critical infrastructure. The group is known for using various methods to gain entry into networks, such as exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities.
Attack Methods and Penetration Techniques
Play ransomware employs several techniques to execute its attacks. The group uses scheduled tasks, PsExec, and Group Policy Objects to distribute ransomware executables within the internal network. They maintain persistence through scheduled tasks and PsExec, and escalate privileges using tools like Mimikatz. To evade detection, Play disables antimalware and monitoring solutions using tools such as Process Hacker and GMER. The group also uses custom tools to enumerate users and computers on compromised networks and copy files from the Volume Shadow Copy Service.
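The behaviours listed above can be turned into a first-pass triage over process-creation logs, escalating hosts that show several of them together. The following Python is an added example, not part of the original report; the rule patterns, host names and sample events are constructed assumptions.

```python
import re
from collections import defaultdict

# Behaviours named in the paragraph above, mapped to process-creation patterns.
# The patterns are assumptions for illustration: binaries can be renamed, so a
# match is a triage lead, not a verdict.
RULES = {
    "psexec_remote_exec": re.compile(r"\\(psexec(64)?|psexesvc)\.exe\b", re.I),
    "scheduled_task_created": re.compile(r"\bschtasks(\.exe)?\b.*\s/create\b", re.I),
    "credential_dumping": re.compile(r"mimikatz|sekurlsa::", re.I),
    "security_tool_tampering": re.compile(r"\\(processhacker|gmer)\.exe\b", re.I),
    "shadow_copy_file_access": re.compile(r"HarddiskVolumeShadowCopy\d+\\", re.I),
}

# Constructed sample events (not real telemetry): host, image path, command line.
SAMPLE_EVENTS = [
    ("FS01", r"C:\Windows\System32\svchost.exe", r"svchost.exe -k netsvcs"),
    ("FS01", r"C:\Users\Public\ProcessHacker.exe", r"ProcessHacker.exe"),
    ("FS01", r"C:\Windows\System32\schtasks.exe",
     r"schtasks /create /tn upd /tr C:\Users\Public\x.exe /sc onstart /ru SYSTEM"),
    ("FS01", r"C:\Windows\System32\cmd.exe",
     r"cmd /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\Users\a\report.xlsx C:\tmp"),
    ("WS07", r"C:\Windows\PSEXESVC.exe", r"C:\Windows\PSEXESVC.exe"),
    ("WS09", r"C:\Windows\System32\schtasks.exe", r"schtasks /query /fo list"),
]

def match_event(image, command_line):
    """Return the sorted rule names that match one process-creation event."""
    text = f"{image} {command_line}"
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def triage(events, min_behaviours=2):
    """Group hits per host; escalate hosts showing several distinct behaviours."""
    hits = defaultdict(set)
    for host, image, command_line in events:
        hits[host].update(match_event(image, command_line))
    return {
        host: {"behaviours": sorted(found), "escalate": len(found) >= min_behaviours}
        for host, found in hits.items() if found
    }

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, result)
```

PsExec and scheduled tasks also have routine administrative uses, which is why a single match only records the behaviour and escalation requires at least two distinct behaviours on the same host.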
Vulnerabilities and Impact
Odyssey Fitness Center's vulnerabilities likely stem from inadequate cybersecurity measures, making it an attractive target for threat actors like Play. The attack underscores the importance of robust cybersecurity practices, especially for businesses handling sensitive personal and health-related information. The incident serves as a stark reminder of the growing threat of ransomware and the need for comprehensive security strategies to protect against such attacks.