Rhysida Ransomware Strikes Plastics Plus in Manufacturing Breach
Incident Date:
September 30, 2024
Overview
Title
Rhysida Ransomware Strikes Plastics Plus in Manufacturing Breach
Victim
Plastics Plus
Attacker
Rhysida
Location
First Reported
September 30, 2024
Rhysida Ransomware Group Targets Plastics Plus in Cyberattack
Plastics Plus, a prominent player in the North American plastics industry, has fallen victim to a ransomware attack orchestrated by the Rhysida Ransomware Group. This incident underscores the growing threat of cyberattacks on the manufacturing sector, particularly companies with a strong digital footprint and reliance on technology for operations.
Company Profile and Industry Standing
Founded in 1990, Plastics Plus operates from Auburn Hills, Michigan, and specializes in plastic resin distribution, custom compounding, and recycling solutions. The company is known for its commitment to sustainability and innovation, offering a diverse range of materials sourced from reputable global suppliers. With approximately 30 employees, Plastics Plus emphasizes personalized customer service and problem-solving, making it a trusted partner in the industry. The company's ISO-9000 certification highlights its dedication to quality management standards.
Attack Overview
The Rhysida Ransomware Group has claimed responsibility for the attack on Plastics Plus, asserting that they have accessed sensitive company data. This breach potentially compromises critical information, posing significant risks to the company's operations and reputation. The attack is part of a broader trend of ransomware incidents targeting the manufacturing sector, which is increasingly vulnerable due to its reliance on digital systems and networks.
Rhysida Ransomware Group: A Rising Threat
Emerging in May 2023, the Rhysida Ransomware Group has quickly established itself as a formidable threat in the cybercrime landscape. Known for targeting sectors such as manufacturing, healthcare, and education, Rhysida employs sophisticated techniques, including double extortion. The group uses the ChaCha20 encryption algorithm and demands Bitcoin payments, leveraging a TOR-based portal for communication with victims. Their ability to infiltrate networks often involves phishing campaigns and exploiting valid credentials.
Potential Vulnerabilities and Attack Vector
Plastics Plus's reliance on digital systems for its operations may have made it susceptible to Rhysida's attack. The group's use of phishing campaigns and exploitation of network credentials suggests that initial access could have been gained through compromised employee accounts or vulnerabilities in the company's IT infrastructure. The attack highlights the need for enhanced cybersecurity measures, particularly in sectors heavily dependent on technology.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.