Nilorngruppen AB Hit by Play Ransomware: Operations Disrupted

Incident Date: August 9, 2024

Overview

Victim: Nilorngruppen AB
Attacker: Play
Location: Borås, Sweden
First Reported: August 9, 2024

Ransomware Attack on Nilorngruppen AB by Play Ransomware Group

Nilorngruppen AB, a Swedish company specializing in branding and product identification solutions, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This incident has disrupted the company's operations and potentially compromised sensitive data, highlighting the increasing threat of ransomware attacks on businesses globally.

About Nilorngruppen AB

Nilorngruppen AB operates in the Business Services sector, primarily serving the fashion industry but also extending its services to other sectors where brand identity and perceived value are critical. The company is dedicated to enhancing and refining brands through a comprehensive approach that emphasizes design and sustainability. Nilorngruppen offers a holistic range of services encapsulated in six key components, including their notable product Nilörn:CONNECT™, which enhances brand information and engagement. The company positions itself as a partner for brands looking to evolve and adapt in a competitive market, emphasizing the importance of both aesthetic appeal and sustainable practices.

Company Size and Market Presence

Nilorngruppen AB is classified as a medium-sized enterprise with a significant presence in the market, serving clients globally. While specific revenue figures are not disclosed, the company's commitment to quality and sustainability has made it a key player in the branding industry, particularly within the fashion sector.

Attack Overview

The Play ransomware group, also known as PlayCrypt, has claimed responsibility for the attack on Nilorngruppen AB via their dark web leak site. The attack has disrupted the company's operations and potentially compromised sensitive data. The Play ransomware group has been active since June 2022 and has targeted a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure.

About Play Ransomware Group

The Play ransomware group distinguishes itself by using various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. They execute their code using scheduled tasks and PsExec, and maintain persistence on compromised systems. The group employs tools to disable antimalware and monitoring solutions, and uses custom tools to enumerate users and computers on a compromised network. Unlike typical ransomware groups, Play ransomware does not include an initial ransom demand or payment instructions in its ransom notes, directing victims to contact the threat actors via email instead.

Potential Vulnerabilities

Nilorngruppen AB's focus on integrating technology with branding, as exemplified by their product Nilörn:CONNECT™, may have made them a target for threat actors like the Play ransomware group. The company's reliance on digital solutions to enhance brand information and engagement could have exposed vulnerabilities that the attackers exploited to penetrate their systems.
