Ransomware Attack on Trisun Land Services by Play Group

Overview of Trisun Land Services

Trisun Land Services LLC, a locally owned real estate title and closing services company, operates out of Waterville, Ohio, with an additional location in Perrysburg, Ohio. The company, with over 30 years of combined experience, specializes in providing complete closing, settlement, and escrow services. Known for its personalized and budget-friendly services, Trisun Land Services accommodates clients at their preferred locations, including homes and workplaces. The company employs a small team of 2-10 qualified staff members and is licensed with the Ohio Department of Insurance.

Details of the Ransomware Attack

The ransomware group Play has claimed responsibility for a cyberattack on Trisun Land Services. The attack compromised a significant amount of private and confidential data, including client documents, budget information, payroll, accounting records, contracts, tax documents, IDs, and financial information. The breach was announced on Play's dark web leak site, indicating a severe impact on the company's operations and client trust.

About the Play Ransomware Group

Play ransomware, operated by the group Ransom House, is a notable actor in the cybercrime landscape, particularly targeting Linux systems. Initially linked to the Babuk code, Play ransomware has evolved to deploy cryptographic lockers, focusing on ESXi lockers. The group is known for its sophisticated tactics, including the use of Sosemanuk for encryption and a unique verbose ransom note to communicate with victims. Play ransomware actors often utilize various hack tools and utilities, such as AnyDesk and NetCat, to achieve initial access and execute their attacks.

Potential Vulnerabilities and Penetration Methods

Trisun Land Services, with its small team and extensive handling of sensitive client data, presents a lucrative target for ransomware groups like Play. The company's reliance on digital records and communication channels may have exposed vulnerabilities that the attackers exploited. The Play group likely penetrated Trisun's systems through common vectors such as phishing emails, exploiting unpatched software vulnerabilities, or leveraging weak network security protocols. The exact method of penetration remains unclear, but the attack underscores the critical need for robust cybersecurity measures in protecting sensitive real estate transaction data.

Sources:

• Trisun Land Services
• Trisun Land Services
• Dun & Bradstreet
• LinkedIn
• ZoomInfo
• Better Business Bureau
• SentinelOne
• Sophos News
• TechTarget
• UK Parliament Publications
• Check Point