Ransomware Hits ASTAC Telecoms by Play Group in Alaska
Incident Date: October 29, 2024
Overview
Title: Ransomware Hits ASTAC Telecoms by Play Group in Alaska
Victim: Astac
Attacker: Play
Location:
First Reported: October 29, 2024
Ransomware Attack on ASTAC: A Closer Look at the Play Ransomware Group's Latest Target
Arctic Slope Telephone Association Cooperative (ASTAC), a key telecommunications provider in Alaska's North Slope region, has recently fallen victim to a ransomware attack by the notorious Play ransomware group. This incident highlights the vulnerabilities faced by small to medium-sized enterprises in the telecommunications sector, particularly those operating in remote areas.
About ASTAC
ASTAC is a member-owned cooperative that provides essential telecommunications services, including broadband internet, local and long-distance telephone services, and 4G wireless communications. Serving a vast and remote area of over 90,000 square miles, ASTAC is committed to bridging the digital divide in Alaska's North Slope region. The cooperative model allows ASTAC to prioritize community needs, reinvesting surplus revenues into the cooperative or returning them to members as capital credits. With a workforce of approximately 51 to 200 employees, ASTAC is a significant player in the local telecommunications market, with an estimated revenue of $10 million.
Attack Overview
The Play ransomware group has claimed responsibility for the attack on ASTAC, reportedly accessing and encrypting a substantial amount of sensitive data. This includes private and personal confidential information, client documents, budget details, payroll records, contracts, tax information, IDs, and financial data. The breach poses a serious threat to the privacy and security of ASTAC's clients and operations, underscoring the risks faced by telecommunications providers in safeguarding sensitive information.
About the Play Ransomware Group
Active since June 2022, the Play ransomware group, also known as PlayCrypt, has targeted a diverse range of industries, including IT, transportation, and critical infrastructure. Initially focusing on Latin America, the group has expanded its operations to North America and Europe. Play ransomware is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange, among others, to gain initial access to networks. The group distinguishes itself by not including an initial ransom demand in its notes, instead directing victims to contact them via email.
Potential Vulnerabilities
ASTAC's cooperative structure and focus on community service may have inadvertently exposed it to cyber threats. The reliance on both local and non-local technicians, coupled with the challenges of operating in a remote region, could have contributed to vulnerabilities in its cybersecurity posture. The Play ransomware group likely exploited these weaknesses to penetrate ASTAC's systems, emphasizing the need for enhanced cybersecurity measures in the telecommunications sector.