Ransomware Attack Hits Protective Industrial Products by Play Group

Incident Date: September 18, 2024

Overview

Title: Ransomware Attack Hits Protective Industrial Products by Play Group
Victim: Protective Industrial Products
Attacker: Play
Location: Guilderland Center, USA; New York, USA
First Reported: September 18, 2024

Ransomware Attack on Protective Industrial Products by Play Ransomware Group

Protective Industrial Products, Inc. (PIP), a global leader in personal protective equipment (PPE), has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. The breach has resulted in unauthorized access to, and potential exfiltration of, a wide array of sensitive data, posing significant risks to the company's operations and the privacy of its clients and employees.

About Protective Industrial Products

Founded in 1984 and headquartered in Latham, New York, PIP employs approximately 1,500 people and operates over 20 global locations, including nine manufacturing facilities in North America. The company offers more than 10,000 products aimed at enhancing worker safety and comfort, with a revenue of approximately $1 billion last year. PIP is renowned for its commitment to innovation and customer satisfaction, serving various industries such as construction, manufacturing, and food processing.

Attack Overview

The Play ransomware group has claimed responsibility for the attack on PIP via their dark web leak site. The breach has compromised private and personal confidential data, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data. The extent of the data breach underscores the severity of the attack, highlighting significant risks to both the company's operations and the privacy of its clients and employees.

About the Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has targeted a diverse range of industries, including IT, transportation, construction, and government entities. The group uses various methods to gain entry into networks, such as exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. They employ tools like Mimikatz for privilege escalation and custom tools for network enumeration and data theft.

Penetration Methods

Play ransomware could have penetrated PIP's systems through several vectors, including exploiting known vulnerabilities in RDP servers and Microsoft Exchange, or through compromised VPN accounts. The group is known for using scheduled tasks and PsExec for execution and persistence, and for disabling antimalware solutions to evade detection. The attack on PIP highlights the importance of comprehensive cybersecurity measures to protect against sophisticated threat actors.
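The behaviours named above (PsExec execution, scheduled-task creation, antimalware being disabled) each leave a standard Windows event, and the combination on one host is a stronger signal than any one alone. The following triage sketch is an added example, not part of the original report: the event records are constructed, and their field names are an assumed flattening of event-log data.

```python
from collections import defaultdict

# Constructed sample records (not taken from the PIP incident). Field names
# are an assumption about how a log pipeline flattens Windows events.
EVENTS = [
    {"host": "FS01", "channel": "System", "event_id": 7045,
     "service_name": "PSEXESVC"},
    {"host": "FS01", "channel": "Security", "event_id": 4698,
     "task_name": "\\Updater", "user": "CORP\\svc_backup"},
    {"host": "FS01", "event_id": 5001,
     "channel": "Microsoft-Windows-Windows Defender/Operational"},
    {"host": "WS12", "channel": "Security", "event_id": 4698,
     "task_name": "\\Microsoft\\Office\\Sync", "user": "CORP\\alice"},
    {"host": "WS12", "channel": "System", "event_id": 7045,
     "service_name": "PrintSpoolerHelper"},
]

# One rule per behaviour. Event IDs are the standard Windows ones:
#   7045 = service installed (PSEXESVC is PsExec's default service name;
#          it can be renamed, so this rule only catches default usage)
#   4698 = scheduled task created
#   5001 = Microsoft Defender real-time protection disabled
RULES = {
    "psexec_service": lambda e: e["channel"] == "System"
        and e["event_id"] == 7045
        and e.get("service_name", "").upper().startswith("PSEXESVC"),
    "scheduled_task_created": lambda e: e["channel"] == "Security"
        and e["event_id"] == 4698,
    "defender_rtp_disabled": lambda e: "Windows Defender" in e["channel"]
        and e["event_id"] == 5001,
}

def triage(events):
    """Map each host to the sorted list of behaviours seen on it."""
    seen = defaultdict(set)
    for event in events:
        for name, matches in RULES.items():
            if matches(event):
                seen[event["host"]].add(name)
    return {host: sorted(names) for host, names in seen.items()}

def escalate(events, min_behaviours=2):
    """Hosts showing at least min_behaviours distinct behaviours."""
    return sorted(h for h, names in triage(events).items()
                  if len(names) >= min_behaviours)

if __name__ == "__main__":
    print(triage(EVENTS))
    print("escalate:", escalate(EVENTS))
```

Scheduled-task creation alone is common administrative noise, which is why WS12 is recorded but not escalated.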

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware has become the most ubiquitous cyber threat to businesses and organizations today, and the most damaging financially and informationally.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.