Ransomware Attack on Hyperice Inc. by PLAY Group Threatens Sensitive Data
Incident Date: July 11, 2024
Overview
Title: Ransomware Attack on Hyperice Inc. by PLAY Group Threatens Sensitive Data
Victim: Hyperice Inc.
Attacker: Play
Location:
First Reported: July 11, 2024
Ransomware Attack on Hyperice Inc. by PLAY Ransomware Group
Overview of Hyperice Inc.
Hyperice Inc., headquartered in Irvine, California, is a leading company in the Health & Fitness sector, specializing in performance recovery products and technology. Founded in 2011, Hyperice has built a reputation for its innovative devices aimed at muscle recovery, pain relief, and physical therapy. The company's flagship products include the Hypervolt, a percussion therapy device, and the Normatec line of pneumatic compression devices. Hyperice collaborates with professional athletes and sports leagues, including the NBA, NFL, and MLB, to refine and validate its offerings.
Details of the Ransomware Attack
Hyperice Inc. has fallen victim to a ransomware attack orchestrated by the PLAY ransomware group. The attackers have threatened to release a wide array of the company's sensitive data on July 16, 2024, unless their demands are met. The compromised data includes private and personal confidential information, client documents, budgets, payroll details, accounting records, contracts, tax information, IDs, and financial details. This breach poses a significant threat to the privacy and financial integrity of Hyperice Inc. and its clients.
About the PLAY Ransomware Group
The PLAY ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focused on Latin America, the group has expanded its operations to North America, South America, and Europe. PLAY ransomware uses various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz for privilege escalation and custom tools to enumerate users and computers on compromised networks.
Potential Vulnerabilities and Penetration Methods
Vulnerabilities at Hyperice Inc. that the PLAY ransomware group may have exploited include potential weaknesses in its RDP servers, VPN accounts, and Microsoft Exchange servers. The group is known for using scheduled tasks, PsExec, and Group Policy Objects to distribute ransomware executables within internal networks. Additionally, the use of tools to disable antimalware and monitoring solutions could have facilitated the attack.
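The distribution pattern described above (the same PsExec service or scheduled task appearing on several hosts in a short span, sometimes after antimalware is switched off) can be hunted in exported Windows event logs. The following is an added example, not part of the original report: the record layout, host names, timestamps and the `find_fanout` helper are constructed for illustration, and Group Policy based distribution is not covered.

```python
from collections import defaultdict
from datetime import datetime

# Windows event IDs: 7045 = service installed (System log; PsExec's default
# service is PSEXESVC), 4698 = scheduled task created (Security log),
# 5001 = Microsoft Defender real-time protection disabled.
CREATE_IDS = (7045, 4698)
AV_OFF_ID = 5001

# Constructed sample records (assumed JSON export layout, not real incident data).
SAMPLE_EVENTS = [
    {"ts": "2024-01-15T02:14:05", "host": "WS-01", "id": 5001, "name": ""},
    {"ts": "2024-01-15T02:15:10", "host": "WS-01", "id": 7045, "name": "PSEXESVC"},
    {"ts": "2024-01-15T02:15:40", "host": "WS-02", "id": 7045, "name": "PSEXESVC"},
    {"ts": "2024-01-15T02:16:02", "host": "FS-01", "id": 7045, "name": "PSEXESVC"},
    {"ts": "2024-01-15T02:20:00", "host": "WS-02", "id": 4698, "name": "\\UpdateCheck"},
    {"ts": "2024-01-15T09:00:00", "host": "WS-03", "id": 7045, "name": "PrintHelper"},
]

def find_fanout(events, window_s=600, min_hosts=3):
    """Alert when one service/task name is created on >= min_hosts distinct
    hosts within window_s seconds; note hosts where Defender went off first."""
    created = defaultdict(list)   # (event id, lowercased name) -> [(time, host)]
    av_off = {}                   # host -> earliest time protection was disabled
    for e in events:
        t = datetime.fromisoformat(e["ts"])
        if e["id"] == AV_OFF_ID:
            av_off[e["host"]] = min(t, av_off.get(e["host"], t))
        elif e["id"] in CREATE_IDS:
            created[(e["id"], e["name"].lower())].append((t, e["host"]))
    alerts = []
    for (eid, name), hits in created.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):          # sliding time window over hits
            while (hits[end][0] - hits[start][0]).total_seconds() > window_s:
                start += 1
            span = hits[start:end + 1]
            hosts = sorted({h for _, h in span})
            if len(hosts) >= min_hosts:
                tampered = sorted({h for t, h in span if h in av_off and av_off[h] <= t})
                alerts.append({"event_id": eid, "name": name, "hosts": hosts,
                               "first_seen": span[0][0].isoformat(),
                               "av_disabled_first": tampered})
                break                         # one alert per name is enough
    return alerts

if __name__ == "__main__":
    for alert in find_fanout(SAMPLE_EVENTS):
        print(alert)
```

Event 4698 is only logged when auditing of other object access events is enabled, so an absence of task-creation records does not by itself rule the technique out.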