Wilmington Convention Center Hit by Play Ransomware Attack

Incident Date: October 4, 2024

Overview

Victim: Wilmington Convention Center

Attacker: Play

Location: Wilmington, North Carolina, USA

First Reported: October 4, 2024

Ransomware Attack on Wilmington Convention Center: A Detailed Analysis

The Wilmington Convention Center (WCC), a prominent venue in North Carolina, has recently been targeted by the Play ransomware group. This attack has compromised a significant amount of sensitive data, posing serious risks to the center's operations and the privacy of its clients.

Victim Profile: Wilmington Convention Center

Spanning 107,000 square feet, the Wilmington Convention Center is a key player in the hospitality sector, offering a unique blend of historical charm and modern amenities. As the only convention center on the North Carolina coast, it serves as a premier venue for meetings, conventions, and events. The center's LEED certification underscores its commitment to sustainability, while its strategic location near local attractions and the Wilmington International Airport enhances its appeal. Despite its advanced infrastructure, the center's reliance on digital systems for operations and client management may have made it vulnerable to cyber threats.

Attack Overview

The Play ransomware group has claimed responsibility for the attack, which involved unauthorized access to a wide array of sensitive data. Compromised information includes private and personal confidential data, client documents, and critical financial records such as budget details, payroll information, and accounting files. The breach also exposed contracts, tax documents, and identification records, highlighting the potential for extensive repercussions on both the organization's operational integrity and individual privacy.

About the Play Ransomware Group

Active since June 2022, the Play ransomware group, also known as PlayCrypt, has been involved in numerous high-profile attacks across various industries. Initially focusing on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange, among others. The group distinguishes itself by not including an initial ransom demand in its notes, instead directing victims to contact them via email.

Potential Vulnerabilities and Penetration Methods

The Play ransomware group likely penetrated the Wilmington Convention Center's systems through known vulnerabilities in network protocols or software applications. The center's extensive use of digital systems for event management and client interactions may have provided multiple entry points for the attackers. The group's use of tools like Mimikatz for privilege escalation and custom tools for network enumeration further facilitated the breach.
