Cyber Attack on Heritage Cooperative: Play Group Strikes with Ransomware

Incident Date:

April 15, 2024

World map



Cyber Attack on Heritage Cooperative: Play Group Strikes with Ransomware


Heritage Cooperative




Delaware, USA

Ohio, USA

First Reported

April 15, 2024

Ransomware Attack on Heritage Cooperative by Play Group

Attack Overview

A prominent entity in the agricultural sector, Heritage Cooperative, recently fell victim to a ransomware attack orchestrated by the cybercriminal group known as Play. This attack compromised a significant amount of sensitive data including client documents, payroll information, and financial records. Making potential for severe disruption and loss evident.

Company Profile

Heritage Cooperative Inc. is a key player in the agriculture industry, providing a wide range of products and services such as fertilizers, chemicals, seeds, and grain handling. With a history spanning over 100 years, the cooperative serves more than 15,000 customers and maintains a workforce exceeding 600 employees. The cooperative's substantial market presence and extensive data repositories make it a significant target for cybercriminal activities.

Details of the Cyber Attack

The Play ransomware group, known for its Linux-targeting ransomware derived from the Babuk code, claimed responsibility for the attack through their dark web leak site. While the ransom demand specifics were not disclosed, the attack's timing and the sensitive nature of the stolen data suggest a highly strategic assault aimed at maximizing pressure on the cooperative to comply with the ransom demands.

Why Heritage Cooperative?

The cooperative's extensive integration of technology in operations, coupled with its significant data pools related to agricultural transactions and personal employee information, presents multiple vectors for cyber attacks. The cooperative's role in food supply and its large-scale operational data make it a lucrative target for ransomware groups like Play, who seek to capitalize on the urgency and sensitivity of the data held by such organizations.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.