Mauritzon Inc. Targeted by Play Ransomware Group
Incident Date:
May 7, 2024
Overview
Title
Mauritzon Inc. Targeted by Play Ransomware Group
Victim
Mauritzon
Attacker
Play
Location
First Reported
May 7, 2024
Ransomware Attack on Mauritzon by Play Ransomware Group
Overview
A cybercrime attack targeted the website mauritzon.net based in the USA, carried out by an attacker known as "Play" using ransomware. The attack resulted in the theft of various sensitive data types, including private and confidential information such as client documents, budgets, payroll, accounting records, contracts, taxes, IDs, and financial information.
Victim Profile
Mauritzon, Inc. is a well-established industrial textile wholesale manufacturer and distributor based in Chicago, Illinois. The company has been in operation for over a century and is one of the largest and most diversified in its industry. Mauritzon offers a wide range of products, including adhesives, athletic fabrics, awning and marine fabrics, canvas fabrics, cargo restraints, and more.
Company Vulnerabilities
The company's extensive operations and valuable data make it an attractive target for threat actors. The company's long-standing presence in the industry and diverse product offerings may have made it a prime target for the Play ransomware group.
Play Ransomware Group Tactics
The Play ransomware group, operated by Ransom House, has evolved from data theft to deploying cryptographic lockers. The group targets Linux systems and uses encryption methods similar to Baseline Babuk. Play ransomware actors have been observed submitting binaries containing hack tools and utilities after gaining initial access to victim networks.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.