Cyber Attack on Alltruck Bodies by Play Ransomware Group

Incident Date:

April 19, 2024

World map

Overview

Title

Cyber Attack on Alltruck Bodies by Play Ransomware Group

Victim

Alltruck Bodies

Attacker

Play

Location

Blackburn, Australia

, Australia

First Reported

April 19, 2024

Ransomware Attack on Alltruck Bodies by Play Group

Company Profile

Alltruck Bodies, an Australian manufacturing company, specializes in the production of various rigid truck bodies, including Curtainsiders, Colorbond vans, FRP vans, and more. They are notable for their investment in new technologies and a specialized Research & Development facility. The company also emphasizes workforce training in collaboration with the Centre of Automotive Excellence. With 96 employees and a revenue increase to $20.3 million last year, Alltruck Bodies has shown significant growth and industry recognition.

Attack Details

The Play ransomware group, known for targeting Linux systems and associated with the Babuk code, has claimed responsibility for the attack on Alltruck Bodies. The attack was announced on their dark web leak site, indicating a potential breach of sensitive company data including financial records, employee information, and client contracts. The specifics of the ransom demand have not been disclosed.

Company Vulnerabilities

The company's significant reliance on digital technologies for operations and development, combined with their extensive data on clients and operations, makes them an attractive target for cybercriminals. The manufacturing sector often involves complex supply chains and large volumes of data, increasing the potential impact of such attacks.

Ransomware Group Profile

Ransom House is a group operated by a known group called Play, which has evolved from data theft to using cryptographic lockers, specifically targeting Linux systems. Their operational tactics include the use of sophisticated encryption methods and detailed ransom notes aimed at ensuring compliance from their victims.

References:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.