Ransomware Attack on Adina Design by Play Ransomware Group

Incident Date: August 13, 2024

Overview

Title: Ransomware Attack on Adina Design by Play Ransomware Group
Victim: Adina Design
Attacker: Play
Location: Sherman Oaks, California, USA
First Reported: August 13, 2024

Adina Design, a creative agency specializing in branding, design, and digital solutions, has recently fallen victim to a ransomware attack orchestrated by the notorious Play ransomware group. This breach has compromised a wide array of sensitive information, including private and personal data, client documents, budget details, payroll records, accounting files, contracts, tax information, identification documents, and financial data.

About Adina Design

Adina Design is a small to medium-sized enterprise known for its commitment to creating unique, tailored solutions for its clients. The agency emphasizes a collaborative approach that integrates client feedback throughout the design process, allowing them to deliver high-quality, impactful designs that resonate with target audiences. This focus on customization and client involvement distinguishes Adina Design in the competitive landscape of design and branding services.

Attack Overview

The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has targeted a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group uses various methods to gain entry into networks, including exploiting exposed RDP servers and known FortiOS and Microsoft Exchange vulnerabilities. They execute their code using scheduled tasks and PsExec, and maintain persistence through similar methods.

Details of the Attack

The attack on Adina Design involved the use of custom tools to enumerate all users and computers on the compromised network and copy files from the Volume Shadow Copy Service (VSS). The ransomware group employs tools to disable antimalware and monitoring solutions, making it difficult for the victim to detect and mitigate the attack. The breach has resulted in the exposure of sensitive information, which could have severe implications for Adina Design and its clients.

Play Ransomware Group

The Play ransomware group distinguishes itself by not including an initial ransom demand or payment instructions in its ransom notes. Instead, victims are directed to contact the threat actors via email. The group has impacted over 300 entities, including businesses and critical infrastructure across multiple regions. Their dark web presence includes a data leak site where they post information about their attacks and victims.

Penetration Methods

Play ransomware could have penetrated Adina Design's systems through various routes, including reused or illicitly acquired VPN accounts and the exploitation of known vulnerabilities in RDP servers and Microsoft Exchange. The group's known use of tools like Mimikatz to extract high-privilege credentials and escalate privileges would further facilitate access to sensitive data.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.