Southeast Cooler Hit by Major Ransomware Attack from Play Group
Incident Date: September 10, 2024
Overview
Title: Southeast Cooler Hit by Major Ransomware Attack from Play Group
Victim: Southeast Cooler
Attacker: Play
Location:
First Reported: September 10, 2024
Ransomware Attack on Southeast Cooler by Play Ransomware Group
Southeast Cooler, a prominent manufacturer of commercial refrigeration equipment, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This breach has resulted in the unauthorized access and potential exfiltration of a wide array of sensitive data, posing significant risks to the company's operations and the privacy of its clients.
About Southeast Cooler
Established nearly three decades ago, Southeast Cooler has evolved from a small regional player to a significant global provider in the refrigeration industry. The company specializes in producing premium walk-in coolers, walk-in freezers, and combination coolers. Their manufacturing facility, located in Lithia Springs, Georgia, spans over 140,000 square feet and is equipped with advanced machinery and technology to enhance production efficiency and product quality. With a dedicated team of over 100 employees, Southeast Cooler has made significant investments in its workforce and manufacturing capabilities, enabling it to maintain a competitive edge within the industry.
Attack Overview
The ransomware attack on Southeast Cooler has led to the compromise of various types of sensitive data, including private and personal confidential data, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data. The extent of the data breach underscores the severity of the attack, highlighting significant risks to both the company's operations and the privacy of its clients.
About Play Ransomware Group
The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focused on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure.
Attack Methods
Play ransomware employs various methods to gain entry into a network, including exploiting exposed RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. Once inside, the group uses tools like Mimikatz to extract high-privilege credentials and escalate privileges. It also uses utilities such as Process Hacker, GMER, and IOBit to disable antimalware and monitoring solutions. The ransomware is executed through scheduled tasks and PsExec, and the same mechanisms are used to maintain persistence on compromised systems.
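The execution and persistence techniques listed above (PsExec service installs, scheduled-task creation, Mimikatz, and AV-tampering utilities) all leave traces in standard Windows event logs. The following script is an added example written for this page, not code from the tracker or from any incident response on Southeast Cooler: it runs simple triage rules over constructed Windows event records and escalates hosts where credential dumping and remote execution both appear. The event field names (`host`, `event_id`, `new_process_name`, `service_name`, `task_name`) are assumed to come from a log shipper that flattens Windows events into JSON, and the binary names for the tools are assumptions (real intrusions frequently rename them).

```python
"""Rule-based triage of Windows event records for the Play tradecraft named on the
page: PsExec service installs, scheduled-task creation, Mimikatz, and AV-tampering
tools. SAMPLE_EVENTS below are constructed records, not telemetry from the incident."""
import json
from collections import defaultdict

# Standard Microsoft event IDs used by the rules.
EVT_SERVICE_INSTALLED = 7045   # System log: a new service was installed
EVT_TASK_CREATED = 4698        # Security log: a scheduled task was created
EVT_PROCESS_CREATED = 4688     # Security log: a new process was created

# Binary names are assumptions for the tools the page names; operators often rename them,
# so these rules are a starting point, not a complete detection.
CRED_DUMP_TOOLS = {"mimikatz.exe"}
TAMPER_TOOLS = {"processhacker.exe", "gmer.exe"}
TAMPER_SUBSTRINGS = ("iobit",)   # IOBit ships several binaries; match on the vendor string


def _basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify_event(evt):
    """Return a (rule, detail) tuple for a suspicious event, or None if it is benign."""
    eid = evt.get("event_id")
    if eid == EVT_SERVICE_INSTALLED:
        name = evt.get("service_name", "")
        # PsExec installs a service named PSEXESVC on the target host.
        if name.upper().startswith("PSEXESVC"):
            return ("psexec_service_install", name)
    elif eid == EVT_TASK_CREATED:
        # Any new scheduled task is worth a look during an active incident.
        return ("scheduled_task_created", evt.get("task_name", ""))
    elif eid == EVT_PROCESS_CREATED:
        exe = _basename(evt.get("new_process_name", ""))
        if exe in CRED_DUMP_TOOLS:
            return ("credential_dumping_tool", exe)
        if exe in TAMPER_TOOLS or any(s in exe for s in TAMPER_SUBSTRINGS):
            return ("av_tamper_tool", exe)
    return None


def triage(events):
    """Classify events, group findings by host, and escalate hosts where credential
    dumping is followed by remote execution or persistence (the chain described above).
    Returns (findings_by_host, escalated_hosts)."""
    per_host = defaultdict(list)
    for evt in events:
        hit = classify_event(evt)
        if hit:
            per_host[evt["host"]].append((evt["time"], hit[0], hit[1]))
    escalate = []
    for host, hits in per_host.items():
        rules = {rule for _, rule, _ in hits}
        if "credential_dumping_tool" in rules and rules & {
            "psexec_service_install", "scheduled_task_created"
        }:
            escalate.append(host)
    return dict(per_host), sorted(escalate)


# Constructed sample events (one JSON object per line); hostnames and paths are made up.
SAMPLE_EVENTS = [json.loads(line) for line in r"""
{"time": "2024-09-09T02:11:05Z", "host": "WS-ENG-07", "event_id": 4688, "new_process_name": "C:\\Users\\svc\\Downloads\\mimikatz.exe"}
{"time": "2024-09-09T02:12:40Z", "host": "WS-ENG-07", "event_id": 4688, "new_process_name": "C:\\Windows\\System32\\notepad.exe"}
{"time": "2024-09-09T02:20:13Z", "host": "FS-01", "event_id": 7045, "service_name": "PSEXESVC"}
{"time": "2024-09-09T02:21:02Z", "host": "FS-01", "event_id": 4698, "task_name": "\\Microsoft\\Windows\\UpdateCheck"}
{"time": "2024-09-09T02:25:31Z", "host": "WS-ENG-07", "event_id": 4688, "new_process_name": "C:\\Tools\\ProcessHacker.exe"}
{"time": "2024-09-09T02:26:00Z", "host": "DC-01", "event_id": 4688, "new_process_name": "C:\\Windows\\System32\\svchost.exe"}
{"time": "2024-09-09T02:30:47Z", "host": "WS-ENG-07", "event_id": 7045, "service_name": "PSEXESVC"}
""".strip().splitlines()]

if __name__ == "__main__":
    findings, escalated = triage(SAMPLE_EVENTS)
    for host, hits in findings.items():
        for when, rule, detail in hits:
            print(f"{when} {host:10} {rule:26} {detail}")
    print("escalate:", escalated)
```

In the sample, `WS-ENG-07` is escalated because Mimikatz execution and a PSEXESVC install both appear there, while `FS-01` shows only the execution side and stays at finding level. In practice these rules should be paired with the entry-vector controls the page implies: no RDP exposed to the internet, and FortiOS and Exchange kept patched.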
Penetration of Southeast Cooler's Systems
Given Southeast Cooler's reliance on advanced technology and a relatively small team, the company may have been vulnerable to targeted attacks exploiting specific software vulnerabilities or weak points in their network security. The Play ransomware group likely leveraged these vulnerabilities to gain unauthorized access and deploy their ransomware, leading to the significant data breach.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.