Microchip Technology Disrupted by Play Ransomware Attack

Incident Date: August 26, 2024


Overview

Title: Microchip Technology Disrupted by Play Ransomware Attack
Victim: Microchip Technology
Attacker: Play
Location: Hauppauge, USA; New York, USA
First Reported: August 26, 2024

Microchip Technology Hit by Play Ransomware Attack

Microchip Technology, a leading semiconductor manufacturer based in Chandler, Arizona, has fallen victim to a ransomware attack orchestrated by the Play ransomware group. The breach, discovered on August 17, 2024, has led to significant operational disruptions and the compromise of sensitive information.

Company Overview

Founded in 1989, Microchip Technology Incorporated specializes in the design and manufacturing of microcontrollers, mixed-signal, analog, and Flash-IP integrated circuits. The company employs approximately 22,300 people and reported revenues of $7.6 billion for the fiscal year 2024. Microchip is renowned for its extensive product portfolio, which includes over 1,200 microcontroller devices, various analog products, and specialized solutions for embedded control applications.

Attack Overview

The ransomware attack led to the temporary disruption of operations at several of Microchip's manufacturing facilities. The company confirmed that employee contact information and some encrypted passwords were compromised. However, there is no evidence that customer or supplier data was affected. Play ransomware claims to have stolen various sensitive information, including financial records and contracts. While critical IT systems have been restored, certain manufacturing facilities are still operating below normal levels, impacting the company's ability to fulfill orders.

About Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022. Initially targeting Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange to gain initial access. The group uses tools like Mimikatz for privilege escalation and employs custom tools to enumerate users and computers on compromised networks.

Penetration Methods

Play ransomware likely penetrated Microchip's systems through vulnerabilities in RDP servers or Microsoft Exchange. The group is adept at using scheduled tasks and PsExec for execution and persistence. They also disable antimalware solutions using tools like Process Hacker and GMER. The ransomware's minimalistic ransom notes direct victims to contact the threat actors via email, distinguishing it from other ransomware groups.
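The behaviours named above (PsExec, scheduled tasks, Process Hacker, GMER) leave traces in Windows logs. The following detection sketch is an added example, not taken from this report or from Microchip's investigation. It assumes exported events carrying Windows event IDs 4688 (process creation), 7045 (service installed) and 4698 (scheduled task created); the field names, host names, 15-minute window and sample events are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical hosts and field names, not incident data).
EVENTS = [
    {"ts": "2024-01-10T01:02:10", "host": "WS-ENG-14", "id": 4688,
     "image": r"C:\Users\Public\ProcessHacker.exe"},
    {"ts": "2024-01-10T01:05:42", "host": "WS-ENG-14", "id": 7045,
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"ts": "2024-01-10T01:06:03", "host": "WS-ENG-14", "id": 4698,
     "task": r"\Updater", "cmd": r"C:\Users\Public\run.bat"},
    {"ts": "2024-01-10T08:15:00", "host": "IT-ADMIN02", "id": 7045,
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"ts": "2024-01-10T09:30:00", "host": "HR-WS07", "id": 4698,
     "task": r"\Office\Sync", "cmd": r"C:\Program Files\Office\sync.exe"},
]
TOOLS = {"processhacker.exe", "gmer.exe", "mimikatz.exe"}
WRITABLE = re.compile(r"\\(users\\public|appdata|temp|programdata)\\", re.I)

def classify(ev):
    """Return a rule name if the event matches one of the behaviours, else None."""
    image = ev.get("image", "").lower()
    name = image.rsplit("\\", 1)[-1]
    if ev["id"] == 4688 and name in TOOLS:
        return "tool:" + name
    if ev["id"] == 7045 and (ev.get("service", "").upper() == "PSEXESVC" or name == "psexesvc.exe"):
        return "psexec-service"
    if ev["id"] == 4698 and WRITABLE.search(ev.get("cmd", "")):
        return "task-from-writable-path"
    return None

def escalate(events, window=timedelta(minutes=15), min_rules=2):
    """Hosts where at least min_rules distinct rules fire inside one time window."""
    hits = defaultdict(list)
    for ev in events:
        rule = classify(ev)
        if rule:
            hits[ev["host"]].append((datetime.fromisoformat(ev["ts"]), rule))
    out = {}
    for host, rows in hits.items():
        rows.sort()
        for start, _ in rows:
            rules = {r for t, r in rows if start <= t <= start + window}
            if len(rules) >= min_rules:
                out[host] = sorted(rules)
                break
    return out
```

Requiring several distinct behaviours on one host keeps a lone PsExec service install, which is common in routine administration, from raising an alert by itself. Matching on file names is easily evaded by renaming, so a production rule should also match on hashes, signer information or driver loads.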

Impact and Response

Microchip Technology has engaged external cybersecurity experts to investigate the full scope and impact of the incident. While the company has resumed processing orders, the ongoing operational disruptions at certain manufacturing facilities may affect its ability to meet demand. The long-term financial impact of the attack remains uncertain.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.