Ransomware Attack on SMS Group by Play Ransomware: Key Details and Impact

Incident Date:

August 21, 2024

Overview

Victim

The SMS Group

Attacker

Play

Location

Sidney, USA

Ohio, USA

First Reported

August 21, 2024

Ransomware Attack on The SMS Group by Play Ransomware

The SMS Group, a prominent technology solutions provider specializing in data collection integration for the manufacturing sector, has fallen victim to a ransomware attack orchestrated by the Play ransomware group. The attack was first identified on August 21, and sensitive files were subsequently published on the dark web on August 26. The breach has garnered significant attention, with 487 views on the dark web post detailing the incident.

About The SMS Group

Established in 1988 in Sidney, Ohio, The SMS Group has grown from a local service provider to a global player in the technology solutions industry. The company is recognized for enhancing operational efficiency through innovative technology solutions. Its core services include data collection integration, custom software development, mobile app development, ERP integration, and various technical services. The SMS Group's commitment to innovation and customer success has made it a standout in the industry.

Attack Overview

The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack on The SMS Group. The attack was identified on August 21, and by August 26, sensitive files were leaked on the dark web. The exact method of penetration remains unclear, but Play ransomware is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange, as well as using valid accounts and custom tools to gain access to networks.

About Play Ransomware Group

Active since June 2022, the Play ransomware group has been responsible for numerous high-profile attacks across various industries, including IT, transportation, and government entities. The group distinguishes itself by not including an initial ransom demand or payment instructions in its ransom notes, instead directing victims to contact them via email. Play ransomware employs sophisticated methods such as exploiting RDP and VPN vulnerabilities, using tools like Mimikatz for privilege escalation, and disabling antimalware solutions to evade detection.

Potential Vulnerabilities

The SMS Group's extensive use of data collection and integration technologies, along with its reliance on custom software and ERP systems, may have made it an attractive target for the Play ransomware group. The company's global operations and the critical nature of its services in the manufacturing sector further increase the potential impact of such an attack. Strong cybersecurity measures and regular vulnerability assessments are crucial for companies like The SMS Group to protect against sophisticated threat actors.
