Ransomware Attack on Semicore Equipment: Play Ransomware Group
Incident Date:
May 22, 2024
Overview
Title
Ransomware Attack on Semicore Equipment: Play Ransomware Group
Victim
Semicore Equipment
Attacker
Play
Location
First Reported
May 22, 2024
Ransomware Attack on Semicore Equipment by Play Ransomware Group
Victim Overview
Semicore Equipment, a USA-based company founded in 1996, specializes in advanced coating and deposition systems for industries such as electronics, academics, optical, solar energy, medical, automotive, and military. With 10 employees and an annual revenue of $3 million, Semicore Equipment stands out for its expertise in vacuum deposition and custom vacuum systems.
Attack Details
The cybercrime group Play targeted Semicore Equipment in a ransomware attack, exfiltrating sensitive data including private and personal confidential information, client documents, budget details, payroll records, accounting data, contracts, tax information, IDs, and financial data. The ransom demand remains undisclosed, highlighting the ongoing threat of ransomware attacks on technology and manufacturing companies.
Ransomware Group Profile
Play ransomware, operated by Ransom House, is known for targeting Linux systems and has evolved from data theft to deploying cryptographic lockers. The group shares similarities with Baseline Babuk in encryption methods and file searching functionality, using Sosemanuk for encryption. Play ransomware actors have been observed submitting binaries containing hack tools and utilities after achieving initial access.
Company Vulnerabilities
Semicore Equipment's specialization in high-tech industries and possession of valuable data make it an attractive target for threat actors like the Play ransomware group. The company's small size may also pose challenges in implementing robust cybersecurity measures to defend against sophisticated attacks.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.