Ransomware Attack on Semicore Equipment: Play Ransomware Group

Incident Date: May 22, 2024

Overview

Victim: Semicore Equipment

Attacker: Play

Location: Livermore, California, USA

First Reported: May 22, 2024

Ransomware Attack on Semicore Equipment by Play Ransomware Group

Victim Overview

Semicore Equipment, a US-based company founded in 1996, specializes in advanced coating and deposition systems for sectors such as electronics, academia, optics, solar energy, medical, automotive, and military. With 10 employees and annual revenue of $3 million, Semicore Equipment stands out for its expertise in vacuum deposition and custom vacuum systems.

Attack Details

The cybercrime group Play targeted Semicore Equipment in a ransomware attack, exfiltrating sensitive data including private and personal confidential information, client documents, budget details, payroll records, accounting data, contracts, tax information, IDs, and financial data. The ransom demand has not been disclosed. The incident reflects the ongoing threat of ransomware attacks on technology and manufacturing companies.

Ransomware Group Profile

Play ransomware, operated by Ransom House, is known for targeting Linux systems and has evolved from data theft to deploying cryptographic lockers. The group shares similarities with Baseline Babuk in encryption methods and file searching functionality, using Sosemanuk for encryption. Play ransomware actors have been observed submitting binaries containing hack tools and utilities after achieving initial access.

Company Vulnerabilities

Semicore Equipment's specialization in high-tech industries and possession of valuable data make it an attractive target for threat actors like the Play ransomware group. The company's small size may also pose challenges in implementing robust cybersecurity measures to defend against sophisticated attacks.
