Ransomware Attack on Haumiller Engineering by Play Ransomware Group

Company Profile

A prominent provider of custom assembly machines, Haumiller Engineering serves industries like Life Sciences, Health & Beauty, Food & Beverage, and Consumer Products. With over six decades of experience, the company has manufactured more than 2,100 custom assembly, aerosol tipping, and capping machines, emphasizing innovation, quality, and customer satisfaction.

Details of the Attack

Haumiller Engineering faced intrusion by the "Play" ransomware group. Exploiting ransomware, the attackers gained access to sensitive data, potentially compromising private and personal confidential information, client documents, budget details, payroll records, accounting data, contracts, tax information, IDs, finance details, and more, posing a severe threat to privacy and security.

Profile of the Play Ransomware Group

Play ransomware group targets Linux systems, evolving to deploy cryptographic lockers. Sharing similarities with Baseline Babuk, the group utilizes Sosemanuk for encryption and submits binaries containing various hack tools and utilities after initial access. Identified as part of the Babuk-descended ransomware lineage, they exhibit a similar naming convention for generated binaries and share code similarities with other Babuk variants.

Vulnerabilities and Implications

Vulnerabilities in Haumiller Engineering's cybersecurity defenses, such as outdated software, inadequate network security measures, and insufficient employee training on cybersecurity best practices, make them susceptible to threat actors. The company's valuable data and client information attract ransomware groups like Play.

Sources:

• Haumiller Engineering
• SentinelOne
• Sophos News
• TechTarget
• UK Parliament
• Checkpoint