Play Group Ransomware Attack Exposes Original Herkimer Cheese's Vulnerabilities

Incident Date:

April 26, 2024

World map



Play Group Ransomware Attack Exposes Original Herkimer Cheese's Vulnerabilities


Original Herkimer Cheese




Ilion, USA

New York, USA

First Reported

April 26, 2024

Ransomware Attack on Original Herkimer Cheese by Play Group

Company Profile

Original Herkimer Cheese, a family-owned business since 1949, specializes in artisanal cheeses, including aged cheddar, cheese balls, logs, and flavored dips. Known for innovation in the dairy sector, they introduced Chutter® and were pioneers in selling the first cheeseball in grocery stores. Operating with less than 25 employees, this small-scale business emphasizes quality and local sourcing, contributing to its national reputation.

Details of the Cyberattack

The Play ransomware group, known for targeting Linux systems and associated with the Babuk code, has claimed responsibility for the attack on Original Herkimer Cheese. The attack compromised the company's website, leading to the potential leak of sensitive data including client documents, payroll records, and financial information.

Vulnerabilities and Industry Impact

As a small business with limited resources, Original Herkimer Cheese may face challenges in implementing comprehensive cybersecurity measures, making them a softer target for ransomware attacks. The dairy industry, while not typically a prime target for cyberattacks, holds valuable data on supply chains and production processes, which can be lucrative for cybercriminals.



Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.