US energy provider “GridNext” has confirmed a ransomware attack that has disrupted administrative systems and billing operations. The “Play” ransomware group has claimed responsibility, stating they gained access by exploiting the critical VMware vCenter RCE (CVE-2025-7722) disclosed just yesterday.
Business Impact
While grid operations remain functional, this near-miss on critical infrastructure highlights the extreme speed of modern attacks. The breach demonstrates that the “window of vulnerability” for critical flaws has shrunk to less than 24 hours. The utility faces massive recovery costs and potential regulatory fines.
Why It Happened
The utility failed to isolate its vCenter management interface from the internet. Play ransomware operators scanned for the vulnerability within hours of its disclosure and deployed their encryptors before the organization could patch.
Recommended Executive Action
Use this as a case study for your board. Critical infrastructure management interfaces *must* be air-gapped or behind strict VPNs. Verify your own exposure to CVE-2025-7722 immediately.
