Trisun Land Services Hit by Play Ransomware, Client Data Compromised
Incident Date: June 12, 2024
Overview
Title: Trisun Land Services Hit by Play Ransomware, Client Data Compromised
Victim: Trisun Land Services
Attacker: Play
Location:
First Reported: June 12, 2024
Ransomware Attack on Trisun Land Services by Play Group
Overview of Trisun Land Services
Trisun Land Services LLC, a locally owned real estate title and closing services company, operates out of Waterville, Ohio, with an additional location in Perrysburg, Ohio. The company, with over 30 years of combined experience, specializes in providing complete closing, settlement, and escrow services. Known for its personalized and budget-friendly services, Trisun Land Services accommodates clients at their preferred locations, including homes and workplaces. The company employs a small team of 2-10 qualified staff members and is licensed with the Ohio Department of Insurance.
Details of the Ransomware Attack
The ransomware group Play has claimed responsibility for a cyberattack on Trisun Land Services. The attack compromised a significant amount of private and confidential data, including client documents, budget information, payroll, accounting records, contracts, tax documents, IDs, and financial information. The breach was announced on Play's dark web leak site, indicating a severe impact on the company's operations and client trust.
About the Play Ransomware Group
Play ransomware, operated by the group Ransom House, is a notable actor in the cybercrime landscape, particularly targeting Linux systems. Initially linked to the Babuk code, Play ransomware has evolved to deploy cryptographic lockers, focusing on ESXi lockers. The group is known for its sophisticated tactics, including the use of Sosemanuk for encryption and a unique verbose ransom note to communicate with victims. Play ransomware actors often utilize various hack tools and utilities, such as AnyDesk and NetCat, to achieve initial access and execute their attacks.
Potential Vulnerabilities and Penetration Methods
Trisun Land Services, with its small team and extensive handling of sensitive client data, presents a lucrative target for ransomware groups like Play. The company's reliance on digital records and communication channels may have exposed vulnerabilities that the attackers exploited. The Play group likely penetrated Trisun's systems through common vectors such as phishing emails, exploiting unpatched software vulnerabilities, or leveraging weak network security protocols. The exact method of penetration remains unclear, but the attack underscores the critical need for robust cybersecurity measures in protecting sensitive real estate transaction data.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.