Ransomware Breach at Andantex USA by Play Group

Incident Date: September 29, 2024

Overview

Victim: Andantex USA

Attacker: Play

Location: Ocean Township, New Jersey, USA

First Reported: September 29, 2024

Ransomware Attack on Andantex USA by Play Ransomware Group

Andantex USA, a prominent player in the manufacturing sector, has recently fallen victim to a ransomware attack orchestrated by the notorious Play ransomware group. This breach has resulted in the unauthorized access and potential exfiltration of a wide array of sensitive data, posing significant risks to the company and its clients.

Company Profile: Andantex USA

Andantex USA, also known as Redex USA Inc., is a well-established manufacturer specializing in high-precision motion control components and systems. Headquartered in Ocean Township, New Jersey, the company has been operational since 1980. With approximately 21 employees and an annual revenue of around $22 million, Andantex USA serves industries such as machine tools, automation, material handling, and packaging. The company is renowned for its extensive product line, including servo planetary reducers, right angle gearboxes, and automatic lubrication systems, which position it as a leader in high-precision motion control solutions.

Attack Overview

The Play ransomware group has claimed responsibility for the attack on Andantex USA, which has led to the compromise of sensitive data, including client documents, payroll records, and financial data. The breach highlights the vulnerabilities that companies in the manufacturing sector face, particularly those with valuable intellectual property and critical operational data.

About the Play Ransomware Group

Active since June 2022, the Play ransomware group, also known as PlayCrypt, has been involved in numerous high-profile attacks across various industries. Initially targeting Latin America, the group has expanded its operations to North America and Europe. Play ransomware is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange, among others, to gain unauthorized access to networks. The group distinguishes itself by not including an initial ransom demand in its notes, directing victims to contact them via email instead.

Potential Vulnerabilities and Penetration Methods

Andantex USA's reliance on high-precision motion control systems and its extensive product portfolio make it an attractive target for ransomware groups seeking to disrupt operations and extract valuable data. The Play ransomware group likely exploited vulnerabilities in the company's network infrastructure, potentially through compromised VPN accounts or unpatched software vulnerabilities, to gain access to sensitive information.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.