Me Too Shoes Hit by Play Ransomware, Exposing Sensitive Data

Incident Date:

June 13, 2024

World map

Overview

Title

Me Too Shoes Hit by Play Ransomware, Exposing Sensitive Data

Victim

Me Too Shoes

Attacker

Play

Location

New York, USA

New York, USA

First Reported

June 13, 2024

Ransomware Attack on Me Too Shoes by Play Ransomware Group

Company Profile: Me Too Shoes

Me Too Shoes, founded in 1996 and headquartered in New York City, is a prominent player in the comfort fashion footwear market. Specializing in stylish, comfortable, and affordable shoes for women, the brand offers a wide range of footwear including flats, heels, wedges, sandals, and boots. The company emphasizes blending fashion-forward designs with practical comfort, incorporating features like cushioned insoles and flexible outsoles. Despite its small size, with approximately 7-9 employees, Me Too Shoes has a significant global presence and reported an annual revenue of $9 million in 2024.

Attack Overview

Me Too Shoes recently fell victim to a ransomware attack by the Play ransomware group. The attack compromised private and personal confidential data, including client documents, budget, payroll, accounting, contracts, taxes, IDs, and financial information. The breach was announced on Play's dark web leak site, highlighting the severity of the data exposure.

About the Play Ransomware Group

The Play ransomware group, operated by Ransom House, is known for its sophisticated attacks targeting Linux systems. Initially linked to the Babuk code, Play ransomware has evolved to deploy cryptographic lockers, focusing on ESXi lockers. The group is notorious for its unique verbose ransom notes and the use of various hack tools and utilities post-initial access, such as AnyDesk and NetCat.

Penetration and Vulnerabilities

While the exact method of penetration in the Me Too Shoes attack remains unclear, Play ransomware actors typically exploit vulnerabilities in network security. Given Me Too Shoes' small team and potentially limited cybersecurity resources, the company may have been an attractive target for the ransomware group. The attack underscores the importance of robust cybersecurity measures, especially for companies with significant online and retail operations.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.