Ransomware Attack on Badger Tag & Label Corp. - Cybersecurity Vulnerabilities and Play Ransomware Group

Incident Date: May 10, 2024

Overview

Victim: Badger Tag & Label

Attacker: Play

Location: Random Lake, USA; Wisconsin, USA

First Reported: May 10, 2024

Ransomware Attack on Badger Tag & Label Corp.

About Badger Tag & Label Corp.

Badger Tag & Label Corp. is a family-owned business that has been operating since 1935. Specializing in custom printing and manufacturing of tags and labels for various industries, including food, chemical, retail, and steel manufacturing, the company offers a wide range of tags made from materials like metal, leather, plastic, and paper. Additional services such as consulting, designing, screen printing, dye sublimation, and embroidery are also provided.

The company stands out in the industry for its ability to provide custom-designed tags, tooling, prototyping, printing, die stamping, and embossing services, and it also offers a wide range of customization options. Serving various industries and known for its UL-listed products, the company is a reliable choice for businesses.

Cybersecurity Vulnerabilities

Badger Tag and Label Corp. was targeted in a cybercrime attack by an entity known as "Play." The attack involved the use of ransomware, although the specific ransom amount was not disclosed. The attacker managed to gain unauthorized access to a substantial amount of sensitive data, including private and personal confidential information, client documents, budget details, payroll records, accounting information, contracts, tax documents, IDs, financial data, and more. The exact volume of data that was exfiltrated remains undisclosed at this time.

Ransomware Group: Play

The ransomware group known as Play, associated with the Babuk code and targeting Linux systems, has evolved to deploy cryptographic lockers and is operated by Ransom House. Observations have shown the group submitting binaries containing hack tools and utilities after gaining initial access to networks, highlighting the sophisticated nature of their operations.

Using Sosemanuk for encryption and including a ransom note filename "How To Restore Your Files.txt" in its samples, Play ransomware has a unique approach to victim communication, providing explicit instructions on how to contact the actors. This level of detail and organization sets them apart from other ransomware groups, making them a formidable threat in the cybersecurity landscape.
