BroadGrain Commodities Faces Major Ransomware Breach

Incident Date: Sep 23, 2024

Attack Overview
VICTIM
BroadGrain Commodities
INDUSTRY
Agriculture
LOCATION
Canada
ATTACKER
Play
FIRST REPORTED
September 23, 2024

Ransomware Attack on BroadGrain Commodities: A Detailed Analysis

BroadGrain Commodities Inc., a Canadian agricultural trading company, has been listed as a victim by the Play ransomware group, which claims to have compromised and stolen data from the company. The listing has renewed concern about how well sensitive data is protected across the agricultural supply chain.

About BroadGrain Commodities

BroadGrain Commodities is a key player in the global agricultural market, specializing in the marketing and origination of grains, cereals, oilseeds, pulses, and specialty crops. With an operational footprint spanning Canada, Algeria, Argentina, China, and Nigeria, the company handles approximately 3 million metric tonnes of products annually, shipping to over 85 countries. BroadGrain's commitment to quality and traceability is underscored by its FSSC 22000 certification and membership in industry associations like the Canadian Special Crops Association.

Attack Overview

The Play ransomware group claims to have infiltrated BroadGrain's systems and exfiltrated a wide range of sensitive information, including client documents, payroll records, and financial data. If the claim holds, the breach exposes the company's operations and the privacy of its clients and employees, and it fits Play's usual double-extortion pattern of stealing data before encrypting systems. The specific weakness the attackers exploited to gain access has not been disclosed.

About the Play Ransomware Group

Active since June 2022, the Play ransomware group (also tracked as PlayCrypt) has hit a range of industries, including IT, transportation, and critical infrastructure. Its documented initial access methods include abusing exposed RDP services and valid accounts, and exploiting known vulnerabilities in FortiOS SSL VPN appliances and Microsoft Exchange servers. Unusually, Play's ransom notes do not state an initial demand; they direct victims to negotiate through an email address.

Potential Vulnerabilities and Attack Methods

BroadGrain's global footprint and its reliance on digital systems to manage its supply chain make it the kind of target Play has gone after before. The intrusion path has not been made public; based on Play's documented tradecraft, plausible vectors include compromised VPN or RDP credentials and unpatched internet-facing software. In previous Play intrusions the group has used Mimikatz to dump credentials from memory (enabling privilege escalation and lateral movement) and custom network-scanning tools to enumerate the environment, but none of this has been confirmed for this incident.
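The two Play behaviours named in the sections above (password guessing against exposed RDP that ends in a valid logon, and a non-system process reading LSASS memory, which is what Mimikatz does) are both cheap to detect from standard Windows telemetry. The script below is an added example, not code from the original article and not Halcyon's product; the JSON-lines event layout, field names, the failure threshold, and the LSASS allowlist are all assumptions made for the example and the sample events are constructed, not real logs.

```python
"""Detection sketch for two Play-style behaviours on a Windows host.

Added example (not from the original article, not Halcyon's code). The
JSON-lines event shape and field names are assumptions for the example,
not any vendor's schema; tune thresholds and the allowlist per environment.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625          # Windows Security: an account failed to log on
SUCCESS_LOGON = 4624         # Windows Security: an account was successfully logged on
RDP_LOGON_TYPE = 10          # LogonType 10 = RemoteInteractive (RDP)
SYSMON_PROCESS_ACCESS = 10   # Sysmon Event ID 10: ProcessAccess
PROCESS_VM_READ = 0x0010     # access right required to read another process's memory

# Processes that routinely open LSASS on a stock host (assumption; extend per environment).
LSASS_ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\services.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\lsass.exe",
}

# Constructed sample telemetry for the example (not real data).
SAMPLE_EVENTS = r"""
{"ts":"2024-09-20T02:14:01Z","channel":"security","event_id":4625,"logon_type":10,"user":"administrator","src_ip":"198.51.100.7"}
{"ts":"2024-09-20T02:14:09Z","channel":"security","event_id":4625,"logon_type":10,"user":"administrator","src_ip":"198.51.100.7"}
{"ts":"2024-09-20T02:14:20Z","channel":"security","event_id":4625,"logon_type":10,"user":"administrator","src_ip":"198.51.100.7"}
{"ts":"2024-09-20T02:14:31Z","channel":"security","event_id":4625,"logon_type":10,"user":"administrator","src_ip":"198.51.100.7"}
{"ts":"2024-09-20T02:15:02Z","channel":"security","event_id":4625,"logon_type":10,"user":"administrator","src_ip":"198.51.100.7"}
{"ts":"2024-09-20T02:15:40Z","channel":"security","event_id":4625,"logon_type":10,"user":"jsmith","src_ip":"203.0.113.9"}
{"ts":"2024-09-20T02:16:11Z","channel":"security","event_id":4624,"logon_type":10,"user":"jsmith","src_ip":"203.0.113.9"}
{"ts":"2024-09-20T02:17:30Z","channel":"security","event_id":4624,"logon_type":10,"user":"administrator","src_ip":"198.51.100.7"}
{"ts":"2024-09-20T02:20:05Z","channel":"sysmon","event_id":10,"source_image":"C:\\Windows\\System32\\svchost.exe","target_image":"C:\\Windows\\System32\\lsass.exe","granted_access":"0x1000"}
{"ts":"2024-09-20T02:21:47Z","channel":"sysmon","event_id":10,"source_image":"C:\\Users\\Public\\m.exe","target_image":"C:\\Windows\\System32\\lsass.exe","granted_access":"0x1010"}
"""


def parse_events(text):
    """Parse JSON-lines telemetry, attach a datetime under "_t", and sort by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["_t"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["_t"])
    return events


def detect_rdp_guessing(events, threshold=5, window=timedelta(minutes=10)):
    """Flag a source IP that accumulates `threshold` failed RDP logons inside
    `window` and then obtains a successful RDP logon. Returns (src_ip, user, ts)."""
    failures = defaultdict(deque)
    alerts = []
    for ev in events:
        if ev.get("channel") != "security" or ev.get("logon_type") != RDP_LOGON_TYPE:
            continue
        q = failures[ev["src_ip"]]
        while q and ev["_t"] - q[0] > window:   # expire failures older than the window
            q.popleft()
        if ev["event_id"] == FAILED_LOGON:
            q.append(ev["_t"])
        elif ev["event_id"] == SUCCESS_LOGON and len(q) >= threshold:
            alerts.append((ev["src_ip"], ev["user"], ev["ts"]))
            q.clear()
    return alerts


def detect_lsass_read(events):
    """Flag Sysmon ProcessAccess events where a non-allowlisted process opens
    lsass.exe with PROCESS_VM_READ, the right a credential dumper needs."""
    alerts = []
    for ev in events:
        if ev.get("channel") != "sysmon" or ev.get("event_id") != SYSMON_PROCESS_ACCESS:
            continue
        if not ev["target_image"].lower().endswith("\\lsass.exe"):
            continue
        src = ev["source_image"].lower()
        access = int(ev["granted_access"], 16)
        if src not in LSASS_ALLOWLIST and access & PROCESS_VM_READ:
            alerts.append((src, ev["granted_access"], ev["ts"]))
    return alerts


def run(text=SAMPLE_EVENTS):
    """Run both detections over a JSON-lines blob and return the hits by name."""
    events = parse_events(text)
    return {"rdp_guessing": detect_rdp_guessing(events),
            "lsass_read": detect_lsass_read(events)}


if __name__ == "__main__":
    for name, hits in run().items():
        print(name, hits)
```

On the sample data the first check fires only for 198.51.100.7 (five failures in under two minutes, then a successful administrator logon), while the single failure from 203.0.113.9 stays below threshold; the second check ignores svchost.exe and fires on the unknown binary because its 0x1010 access mask includes PROCESS_VM_READ. In production the allowlist should be built from observed baselines, and the RDP rule is most useful when the service is not supposed to be internet-exposed at all.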
