Ransomware Attack on 21st Century Energy Group by Play Ransomware: Data Breach Details

Incident Date: July 11, 2024

Overview

Victim: The 21st Century Energy Group
Attacker: Play
Location: New Castle, Pennsylvania, USA
First Reported: July 11, 2024

Ransomware Attack on The 21st Century Energy Group by Play Ransomware Group

Company Overview

The 21st Century Energy Group is a prominent provider of residential and commercial energy products and services in the northeastern United States. The company offers a range of fuels, including heating oil, propane, kerosene, diesel fuel, and gasoline. It also provides heating and cooling equipment installation, maintenance, and repair services. With a strong focus on customer service, the company ensures timely delivery, competitive pricing, and personalized service plans. The company operates seven delivery centers, with Reed Oil Company in New Castle serving as the headquarters.

Attack Overview

On July 11, 2024, The 21st Century Energy Group fell victim to a ransomware attack orchestrated by the Play ransomware group. The attack led to a significant data breach, compromising a wide array of sensitive information, including private and personal confidential details, client documents, budget reports, payroll data, accounting records, contracts, tax documents, identification documents, and financial information. This breach poses serious privacy and security risks to both the company and its clients, encompassing residential and commercial sectors.

About Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange, among others, to gain initial access to networks.

Penetration and Impact

Play ransomware employs various methods to penetrate systems, including exploiting RDP servers and FortiOS vulnerabilities, using valid accounts, and leveraging Microsoft Exchange vulnerabilities. Once inside, the operators execute their code using scheduled tasks and PsExec, maintain persistence, and escalate privileges using tools like Mimikatz. The group also disables antimalware and monitoring solutions to evade detection. The attack on The 21st Century Energy Group points to weaknesses in the company's cybersecurity posture that made it a target for sophisticated threat actors like Play.
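The post-access chain described above (PsExec, scheduled tasks, Mimikatz-style credential access, antimalware disabled) is what a defender can correlate in Windows telemetry. The following is an added example, not code from the tracker page or from Play's tooling: a small Python correlator over constructed JSON-lines event records, using well-known event IDs (System 7045 service install, Security 4698 task created, Windows Defender 5001 real-time protection disabled, Sysmon 10 process access). The JSON field layout and the host names are assumptions made for the example.

```python
import json

# Constructed sample telemetry (not real logs). FS01 shows the full chain;
# WS22 shows only benign noise that a naive single-event rule would flag.
SAMPLE_EVENTS = r"""
{"host":"FS01","log":"System","id":7045,"ServiceName":"PSEXESVC","ImagePath":"%SystemRoot%\\PSEXESVC.exe"}
{"host":"FS01","log":"Security","id":4698,"TaskName":"\\Updater","Command":"C:\\Windows\\Temp\\run.bat"}
{"host":"FS01","log":"Microsoft-Windows-Windows Defender/Operational","id":5001}
{"host":"FS01","log":"Sysmon","id":10,"TargetImage":"C:\\Windows\\system32\\lsass.exe","GrantedAccess":"0x1010"}
{"host":"WS22","log":"Security","id":4698,"TaskName":"\\Microsoft\\Windows\\Defrag\\ScheduledDefrag","Command":"defrag.exe"}
{"host":"WS22","log":"Sysmon","id":10,"TargetImage":"C:\\Windows\\system32\\lsass.exe","GrantedAccess":"0x1000"}
"""


def lsass_read(ev):
    """Sysmon 10 access to lsass.exe with PROCESS_VM_READ (0x10) set, the
    access right credential dumpers need; query-only access is ignored."""
    target = ev.get("TargetImage", "").lower()
    granted = int(ev.get("GrantedAccess", "0"), 16)
    return target.endswith("\\lsass.exe") and bool(granted & 0x10)


# One predicate per stage of the chain, each evaluated on a single record.
STAGES = {
    "lateral_movement_psexec": lambda ev: ev["id"] == 7045
        and ev.get("ServiceName", "").upper() == "PSEXESVC",
    # Tasks outside the built-in \Microsoft\Windows\ tree are the suspicious ones.
    "execution_scheduled_task": lambda ev: ev["id"] == 4698
        and not ev.get("TaskName", "").startswith("\\Microsoft\\Windows\\"),
    "defense_evasion_rtp_off": lambda ev: ev["id"] == 5001 and "Defender" in ev["log"],
    "credential_access_lsass": lambda ev: ev["id"] == 10
        and ev["log"] == "Sysmon" and lsass_read(ev),
}


def stages_per_host(jsonl):
    """Map each host to the sorted set of chain stages observed on it."""
    hits = {}
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        for name, match in STAGES.items():
            if match(ev):
                hits.setdefault(ev["host"], set()).add(name)
    return {host: sorted(stages) for host, stages in hits.items()}


def hosts_to_alert(jsonl, min_stages=2):
    """Alert only where several stages co-occur on one host, which keeps
    isolated events like a routine task creation from paging anyone."""
    return sorted(h for h, s in stages_per_host(jsonl).items() if len(s) >= min_stages)


if __name__ == "__main__":
    print(stages_per_host(SAMPLE_EVENTS))
    print("alert:", hosts_to_alert(SAMPLE_EVENTS))
```

Lowering `min_stages` to 1 shows why correlation matters here: the WS22 records are already filtered by the per-stage predicates, but in real telemetry single-stage hits (for example legitimate lsass reads by security agents) are common and should be reviewed in context rather than alerted on alone.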

Company Vulnerabilities

The 21st Century Energy Group's reliance on digital infrastructure for account management, online ordering, and customer support may have contributed to its vulnerability. The company's extensive operations and the critical nature of its services make it an attractive target for ransomware groups seeking to cause widespread disruption and demand significant ransoms.

Sources

Recent Ransomware Attacks
