Ransomware Attack on 21st Century Energy Group by Play Ransomware: Data Breach Details
Incident Date:
July 11, 2024
Overview
Title
Ransomware Attack on 21st Century Energy Group by Play Ransomware: Data Breach Details
Victim
The 21st Century Energy Group
Attacker
Play
Location
First Reported
July 11, 2024
Ransomware Attack on The 21st Century Energy Group by Play Ransomware Group
Company Overview
The 21st Century Energy Group is a prominent provider of residential and commercial energy products and services in the northeastern United States. The company offers a range of fuels, including heating oil, propane, kerosene, diesel fuel, and gasoline. Additionally, they provide heating and cooling equipment installation, maintenance, and repair services. With a strong focus on customer service, the company ensures timely delivery, competitive pricing, and personalized service plans. The company operates seven delivery centers, with Reed Oil Company in New Castle serving as the headquarters.
Attack Overview
On July 11, 2024, The 21st Century Energy Group fell victim to a ransomware attack orchestrated by the Play ransomware group. The attack led to a significant data breach, compromising a wide array of sensitive information, including private and personal confidential details, client documents, budget reports, payroll data, accounting records, contracts, tax documents, identification documents, and financial information. This breach poses serious privacy and security risks to both the company and its clients, encompassing residential and commercial sectors.
About Play Ransomware Group
The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange, among others, to gain initial access to networks.
Penetration and Impact
Play ransomware employs various methods to penetrate systems, including exploiting RDP servers and FortiOS vulnerabilities, using valid accounts, and leveraging Microsoft Exchange vulnerabilities. Once inside, the ransomware executes its code using scheduled tasks and PsExec, maintains persistence, and escalates privileges using tools like Mimikatz. The group also disables antimalware and monitoring solutions to evade detection. The attack on The 21st Century Energy Group highlights the vulnerabilities in the company's cybersecurity infrastructure, making it a target for sophisticated threat actors like Play ransomware.
Company Vulnerabilities
The 21st Century Energy Group's reliance on digital infrastructure for account management, online ordering, and customer support may have contributed to its vulnerability. The company's extensive operations and the critical nature of its services make it an attractive target for ransomware groups seeking to cause widespread disruption and demand significant ransoms.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.