Ransomware Attack on The Computer Merchant by Play Group: Key Details
Incident Date:
July 25, 2024
Overview
Title
Ransomware Attack on The Computer Merchant by Play Group: Key Details
Victim
The Computer Merchant
Attacker
Play
Location
First Reported
July 25, 2024
Ransomware Attack on The Computer Merchant by Play Ransomware Group
Overview of The Computer Merchant
The Computer Merchant, Ltd. (TCM) is a veteran-owned IT staffing firm based in Massachusetts, specializing in providing tailored staffing solutions for a diverse range of industries, including Fortune 1000 companies and government agencies across the United States. Established in 1980, TCM has built a strong reputation over its 40+ years in the industry, focusing on human connections to deliver top-quality staffing solutions. The company operates on a national scale, leveraging a vast database of over 11 million candidate profiles to match skilled professionals with the right job opportunities.
Details of the Ransomware Attack
The Play ransomware group has claimed responsibility for a recent attack on The Computer Merchant, Ltd. The attack has compromised a wide array of sensitive data, including private and personal confidential information, client documents, budget details, payroll records, accounting files, contracts, tax information, identification documents, and financial data. This breach poses significant risks to both the company and its clients, potentially leading to severe operational disruptions and financial losses.
About the Play Ransomware Group
The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group is known for using various methods to gain entry into networks, such as exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities.
Penetration Methods
Play ransomware employs a range of techniques to penetrate and compromise systems. These include exploiting vulnerabilities in RDP servers and Microsoft Exchange, using valid accounts, and leveraging tools like Mimikatz for privilege escalation. The group also uses custom tools to enumerate users and computers on a compromised network and copy files from the Volume Shadow Copy Service (VSS). Their ransomware execution methods involve scheduled tasks, PsExec, and Group Policy Objects (GPOs) to distribute ransomware executables within the internal network.
Impact and Implications
The attack on The Computer Merchant highlights the vulnerabilities that even well-established companies face in the digital age. The compromised data includes highly sensitive information that could have far-reaching consequences for both the company and its clients. The breach underscores the importance of robust cybersecurity measures and the need for continuous vigilance against evolving cyber threats.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.