ProMotion Holdings Hit by Play Group's Ransomware Attack

Incident Date: Jun 23, 2024

Attack Overview

Victim: ProMotion Holdings
Industry: Law Firms & Legal Services
Location: USA
Attacker: Play
First Reported: June 23, 2024

Ransomware Attack on ProMotion Holdings by Play Group

Company Profile: ProMotion Holdings

ProMotion Holdings, officially registered as PROMOTION HOLDINGS, LLC, is a prominent provider in the communications consulting and content technology solutions sector. Headquartered in Seattle, Washington, the company specializes in high-tech and remote depositions, legal video, and video-conferencing services primarily in the Seattle, Tacoma, and Spokane areas. With an estimated annual revenue between $10-$50 million, ProMotion Holdings stands out in the industry for its integration of technology with talent, offering unique solutions such as virtual events, media production, and comprehensive event management.

Details of the Ransomware Attack

The Play ransomware group, known for its Linux-targeting ransomware derived from Babuk code, has claimed responsibility for the attack on ProMotion Holdings. The breach resulted in the compromise of sensitive data including client documents, payroll, accounting records, contracts, and financial information. This attack not only disrupts the company's operations but also poses significant risks to client confidentiality and business integrity.

Profile of the Play Ransomware Group

The Play ransomware group, operated by Ransom House, has evolved from merely stealing data to using cryptographic lockers, specifically targeting Linux systems. Their operational tactics include the use of sophisticated encryption methods and detailed ransom notes that guide victims on how to proceed. This group's focus on Linux systems and their methodical approach to victim communication distinguish them in the cybercrime landscape.

Potential Vulnerabilities and System Penetration

Given ProMotion Holdings' extensive use of technology for remote communications and content delivery, it is plausible that their systems were particularly vulnerable to the Linux-focused Play ransomware. The initial penetration could have involved exploiting unpatched vulnerabilities or phishing attacks aimed at employees, a common entry point for ransomware.
