Virginia Dare Extract Co. Hit by Play Ransomware Group

Incident Date: September 10, 2024

Overview

Victim: Virginia Dare Extract Co.

Attacker: Play

Location: Brooklyn, USA; New York, USA

First Reported: September 10, 2024

Ransomware Attack on Virginia Dare Extract Co. by Play Ransomware Group

Virginia Dare Extract Co., a centennial leader in the flavor development and extraction industry, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This breach has resulted in the unauthorized access and potential exfiltration of a wide array of sensitive data, significantly impacting the company's operations and client relationships.

About Virginia Dare Extract Co.

Established in 1923, Virginia Dare Extract Co. is headquartered in Carteret, New Jersey, with additional facilities in Brooklyn, New York. The company employs between 133 and 354 individuals and generates annual revenues estimated between $33 million and $119.5 million. Virginia Dare specializes in creating and supplying a wide range of flavors and extracts for the food and beverage sector, positioning itself as a global leader in this field. The company operates under two main platforms, Taste Foundations™ and Taste Collaborations™, emphasizing sustainable sourcing, premium production, and innovative flavor solutions.

Attack Overview

The Play ransomware group has claimed responsibility for the attack on Virginia Dare via their dark web leak site. The breach has compromised private and personal confidential data, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data. The extent of the data breach underscores the severity of the attack, affecting both internal operations and external client relationships.

About the Play Ransomware Group

Active since June 2022, the Play ransomware group, also known as PlayCrypt, has targeted a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure. The group employs various methods to gain entry into networks, such as exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. They use tools like Mimikatz for privilege escalation and custom tools for network enumeration and data exfiltration.

Penetration Methods

The Play ransomware group likely penetrated Virginia Dare's systems through vulnerabilities in the company's network infrastructure. The group is known for exploiting RDP servers and VPN accounts, which may have been reused or illicitly acquired. Additionally, the group uses scheduled tasks and PsExec to maintain persistence and distribute ransomware executables within the internal network, making it challenging for the company to detect and mitigate the attack promptly.
