Ransomware Attack on Quilvest Capital Partners Exposes Financial Vulnerabilities

Incident Date: August 21, 2024

Overview

Title: Ransomware Attack on Quilvest Capital Partners Exposes Financial Vulnerabilities

Victim: Quilvest Capital Partners

Attacker: Play

Location: Paris, France

First Reported: August 21, 2024

Ransomware Attack on Quilvest Capital Partners by Play Group

Quilvest Capital Partners, a prominent global investment manager, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. The attack was first identified on August 21, and sensitive files were subsequently published on the dark web on August 26. This incident highlights the increasing threat of ransomware attacks on financial institutions and underscores the critical need for effective cybersecurity measures.

About Quilvest Capital Partners

Quilvest Capital Partners is a well-established investment management firm specializing in the middle market segment. The firm manages assets exceeding $7 billion and has a rich history spanning over a century. Quilvest focuses on providing sophisticated private equity and real estate solutions to a diverse clientele, including private investors, families, and institutions from over 20 countries. The firm operates globally from six offices and is known for its innovative investment strategies and commitment to sustainability.

Attack Overview

The ransomware attack on Quilvest Capital Partners was executed by the Play ransomware group, also known as PlayCrypt. The attack was identified on August 21, and by August 26, sensitive files were published on the dark web. The dark web post has garnered significant attention, with 505 views. The firm's website, www.quilvestcapitalpartners.com, may also be at risk as the attackers continue to exploit vulnerabilities.

About the Play Ransomware Group

The Play ransomware group has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focused on Latin America, the group has expanded its operations to North America, South America, and Europe. The group targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. Play ransomware is known for using various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities.

Penetration Methods

The Play ransomware group employs a range of tactics to penetrate systems. They use scheduled tasks and PsExec for execution, and tools like Mimikatz for privilege escalation. The group also employs custom tools to enumerate users and computers on compromised networks and copy files from the Volume Shadow Copy Service. Additionally, they use tools to disable antimalware and monitoring solutions, making it challenging for organizations to detect and mitigate the attack.
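The techniques listed above (scheduled tasks and PsExec for execution, Mimikatz-style credential access, enumeration and file copying from Volume Shadow Copies, and disabling of antimalware) each leave a distinct footprint in standard Windows telemetry. The following Python is an added detection example written for this page; it is not code from Recent Ransomware Attacks, Quilvest or Play. The event records are constructed for illustration, and the assumption is that a SIEM has already flattened Security events 4688/4698, System event 7045 and Sysmon event 10 into flat dictionaries with the field names used here. Rather than alerting on one event, it groups hits per host so that a machine showing several links of the chain is escalated first.

```python
"""Detection rules for the execution, credential-access, shadow-copy and
AV-tampering behaviours described above, run over constructed sample events.
Added example for this page; the records below are invented for illustration
and do not come from the Quilvest incident."""
import re

# Constructed sample events. Assumption: a SIEM has already flattened each
# Windows Security (4688 process creation, 4698 scheduled task created),
# System (7045 service installed) and Sysmon (10 process access) record into
# a dict with these keys.
SAMPLE_EVENTS = [
    {"event_id": 4698, "host": "fs01", "user": "CORP\\svc_backup",
     "task_name": "\\Microsoft\\Windows\\Maintenance\\u1",
     "command": "C:\\Users\\Public\\run.bat"},
    {"event_id": 7045, "host": "fs01", "user": "SYSTEM",
     "service_name": "PSEXESVC", "image_path": "%SystemRoot%\\PSEXESVC.exe"},
    {"event_id": 4688, "host": "dc01", "user": "CORP\\admin",
     "command": "vssadmin list shadows"},
    {"event_id": 4688, "host": "dc01", "user": "CORP\\admin",
     "command": "copy \\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy1"
                "\\Finance\\deals.xlsx C:\\temp\\"},
    {"event_id": 10, "host": "dc01", "user": "CORP\\admin",
     "source_image": "C:\\Users\\Public\\m.exe",
     "target_image": "C:\\Windows\\system32\\lsass.exe",
     "granted_access": "0x1010"},
    {"event_id": 4688, "host": "ws07", "user": "CORP\\jdoe",
     "command": "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"event_id": 4688, "host": "ws07", "user": "CORP\\jdoe",
     "command": "notepad.exe C:\\Users\\jdoe\\notes.txt"},          # benign
    {"event_id": 7045, "host": "ws07", "user": "SYSTEM",              # benign
     "service_name": "Sense", "image_path": "C:\\Program Files\\MsSense.exe"},
]

# Shadow-copy enumeration (vssadmin / wmic) versus reading files out of a
# shadow copy through the GLOBALROOT device path.
_VSS_ENUM = re.compile(r"\bvssadmin\b.*\bshadows\b|\bwmic\b.*\bshadowcopy\b", re.I)
_VSS_READ = re.compile(r"HarddiskVolumeShadowCopy\d+", re.I)
# Defender configuration being switched off from the command line.
_AV_TAMPER = re.compile(r"Set-MpPreference\s+-Disable\w+", re.I)
# LSASS access masks typical of credential-dumping tools: 0x1010 is
# PROCESS_VM_READ | PROCESS_QUERY_LIMITED_INFORMATION, 0x1410 adds
# PROCESS_QUERY_INFORMATION, 0x1fffff is PROCESS_ALL_ACCESS.
_SUSPICIOUS_LSASS_ACCESS = {"0x1010", "0x1410", "0x1fffff"}

# Rule name -> predicate over one flattened event.
RULES = {
    "scheduled_task_created":
        lambda e: e["event_id"] == 4698,
    "psexec_service_installed":
        lambda e: (e["event_id"] == 7045
                   and e.get("service_name", "").upper() == "PSEXESVC"),
    "vss_enumeration":
        lambda e: e["event_id"] == 4688 and bool(_VSS_ENUM.search(e.get("command", ""))),
    "shadow_copy_file_read":
        lambda e: e["event_id"] == 4688 and bool(_VSS_READ.search(e.get("command", ""))),
    "lsass_access_credential_dump":
        lambda e: (e["event_id"] == 10
                   and e.get("target_image", "").lower().endswith("\\lsass.exe")
                   and e.get("granted_access", "").lower() in _SUSPICIOUS_LSASS_ACCESS),
    "antimalware_tampering":
        lambda e: e["event_id"] == 4688 and bool(_AV_TAMPER.search(e.get("command", ""))),
}


def match_rules(event):
    """Return the names of every rule this single event satisfies."""
    return [name for name, pred in RULES.items() if pred(event)]


def triage(events):
    """Map each host to the set of distinct techniques observed on it."""
    per_host = {}
    for e in events:
        hits = match_rules(e)
        if hits:
            per_host.setdefault(e["host"], set()).update(hits)
    return per_host


def escalate(events, min_techniques=2):
    """Hosts on which at least min_techniques distinct techniques were seen,
    i.e. more than one link of the chain, sorted by host name."""
    return sorted(h for h, t in triage(events).items() if len(t) >= min_techniques)


if __name__ == "__main__":
    for host, techniques in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{host}: {sorted(techniques)}")
    print("escalate:", escalate(SAMPLE_EVENTS))
```

On the constructed input, fs01 shows task creation plus the PsExec service, dc01 shows shadow-copy enumeration, a file read from a shadow copy and a suspicious LSASS handle, while ws07 shows only the Defender change, so the default threshold escalates dc01 and fs01 first. The per-host grouping is the point: any one of these rules fires on legitimate administration from time to time, but several of them on the same machine within a short window is the pattern the paragraph describes.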

Implications for Quilvest Capital Partners

The ransomware attack on Quilvest Capital Partners underscores the vulnerabilities that financial institutions face. Given the firm's extensive network and significant assets under management, the attack could have far-reaching implications. The incident highlights the importance of effective cybersecurity measures to protect sensitive data and maintain the trust of clients and stakeholders.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.