Ransomware Attack on Heritage Cooperative by Play Group

Attack Overview

A prominent entity in the agricultural sector, Heritage Cooperative, recently fell victim to a ransomware attack orchestrated by the cybercriminal group known as Play. This attack compromised a significant amount of sensitive data including client documents, payroll information, and financial records. Making potential for severe disruption and loss evident.

Company Profile

Heritage Cooperative Inc. is a key player in the agriculture industry, providing a wide range of products and services such as fertilizers, chemicals, seeds, and grain handling. With a history spanning over 100 years, the cooperative serves more than 15,000 customers and maintains a workforce exceeding 600 employees. The cooperative's substantial market presence and extensive data repositories make it a significant target for cybercriminal activities.

Details of the Cyber Attack

The Play ransomware group, known for its Linux-targeting ransomware derived from the Babuk code, claimed responsibility for the attack through their dark web leak site. While the ransom demand specifics were not disclosed, the attack's timing and the sensitive nature of the stolen data suggest a highly strategic assault aimed at maximizing pressure on the cooperative to comply with the ransom demands.

Why Heritage Cooperative?

The cooperative's extensive integration of technology in operations, coupled with its significant data pools related to agricultural transactions and personal employee information, presents multiple vectors for cyber attacks. The cooperative's role in food supply and its large-scale operational data make it a lucrative target for ransomware groups like Play, who seek to capitalize on the urgency and sensitivity of the data held by such organizations.

Sources

• Heritage Cooperative - About Us
• SentinelOne Labs - Hypervisor Ransomware: Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers