Manufacturing Sector Vulnerability: Ransomware Attack on Everbrite.

Incident Date:

April 4, 2024

World map



Manufacturing Sector Vulnerability: Ransomware Attack on Everbrite.






Greenfield, USA

Wisconsin, USA

First Reported

April 4, 2024

Ransomware Attack on Everbrite: A Manufacturing Sector Vulnerability


In a recent cyber attack, the ransomware group Play has targeted Everbrite, a leading provider of visual identification, outdoor signage, indoor signs & displays, menu systems, architectural & drive-thru elements, electronic displays, scoreboards, and LED lighting solutions.

With a rich history spanning over 95 years, Everbrite has been at the forefront of delivering cutting-edge visual identification solutions to top-tier companies globally. Employing between 501 to 1,000 individuals, the company boasts a robust presence in the North American market, supported by manufacturing facilities and sales offices strategically situated across the United States and Canada. Beyond North America, Everbrite's products are widely sold and distributed across Europe, Asia, and South America.


Play Ransomware gains initial access through valid accounts, exposed RDP servers, and exploiting vulnerabilities like FortiOS and Microsoft Exchange. The attackers susceptibilities have exploited these susceptibilities in Everbrite's systems, potentially gaining access to sensitive data and disrupting the company's operations.The ransomware attack on Everbrite is a reminder that no company is immune to cyber threats, especially those with a significant digital presence.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.