Mauritzon Inc. Targeted by Play Ransomware Group

Incident Date: May 7, 2024

Overview

Title: Mauritzon Inc. Targeted by Play Ransomware Group
Victim: Mauritzon
Attacker: Play
Location: Chicago, USA; Illinois, USA
First Reported: May 7, 2024

Ransomware Attack on Mauritzon by Play Ransomware Group

Overview

An attacker known as "Play" carried out a ransomware attack on the USA-based website mauritzon.net. The attack resulted in the theft of various sensitive data types, including private and confidential information such as client documents, budgets, payroll, accounting records, contracts, taxes, IDs, and financial information.

Victim Profile

Mauritzon, Inc. is a well-established industrial textile wholesale manufacturer and distributor based in Chicago, Illinois. The company has been in operation for over a century and is one of the largest and most diversified in its industry. Mauritzon offers a wide range of products, including adhesives, athletic fabrics, awning and marine fabrics, canvas fabrics, cargo restraints, and more.

Company Vulnerabilities

Mauritzon's extensive operations and valuable data make it an attractive target for threat actors. Its long-standing presence in the industry and diverse product offerings may have made it a prime target for the Play ransomware group.

Play Ransomware Group Tactics

The Play ransomware group, operated by Ransom House, has evolved from data theft to deploying cryptographic lockers. The group targets Linux systems and uses encryption methods similar to Baseline Babuk. Play ransomware actors have been observed submitting binaries containing hack tools and utilities after gaining initial access to victim networks.
