Seagulf Marine Industries Hit by Play Ransomware, Data Severely Compromised

Incident Date:

June 12, 2024

World map

Overview

Title

Seagulf Marine Industries Hit by Play Ransomware, Data Severely Compromised

Victim

Seagulf Marine Industries Inc.

Attacker

Play

Location

Delson, Canada

, Canada

First Reported

June 12, 2024

Ransomware Attack on Seagulf Marine Industries Inc. by Play Ransomware Group

Company Overview

Seagulf Marine Industries Inc., based in Montreal, Quebec, is a prominent player in the maritime and offshore industries. With over 50 years of experience, the company specializes in marine engineering, shipbuilding, and maintenance. They are known for their comprehensive range of services, including the design and construction of marine vessels, repair and maintenance services, and the supply of marine equipment and spare parts. The company employs 25 people and generates an annual revenue of $6 million.

Attack Overview

Seagulf Marine Industries Inc. recently fell victim to a ransomware attack orchestrated by the Play ransomware group. The attack compromised private and personal confidential data, client documents, budget, payroll, accounting, contracts, taxes, IDs, and financial information. The breach was announced on Play's dark web leak site, highlighting the severity of the data exposure.

Ransomware Group Profile

The Play ransomware group, operated by Ransom House, is notorious for targeting Linux systems. Initially linked to the Babuk code, Play ransomware has evolved to target ESXi lockers. The group is known for its sophisticated encryption methods and unique ransom note communication. Play ransomware actors often use various hack tools and utilities to penetrate systems, including AnyDesk, NetCat, and encoded PowerShell Empire scripts.

Vulnerabilities and Penetration

Seagulf Marine Industries Inc.'s vulnerabilities likely stem from their extensive digital operations and the sensitive nature of their data. The company's reliance on advanced engineering techniques and state-of-the-art technology may have exposed them to sophisticated cyber threats. The Play ransomware group could have exploited these vulnerabilities through phishing attacks, exploiting unpatched software, or leveraging weak network security protocols.

Impact on the Industry

This attack underscores the growing threat of ransomware to the maritime and offshore industries. Companies like Seagulf Marine Industries Inc., which play a crucial role in marine engineering and shipbuilding, must prioritize cybersecurity to protect their sensitive data and maintain operational integrity.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.