Ransomware Attack on Mauritzon by Play Ransomware Group

Overview

A cybercrime attack targeted the website mauritzon.net based in the USA, carried out by an attacker known as "Play" using ransomware. The attack resulted in the theft of various sensitive data types, including private and confidential information such as client documents, budgets, payroll, accounting records, contracts, taxes, IDs, and financial information.

Victim Profile

Mauritzon, Inc. is a well-established industrial textile wholesale manufacturer and distributor based in Chicago, Illinois. The company has been in operation for over a century and is one of the largest and most diversified in its industry. Mauritzon offers a wide range of products, including adhesives, athletic fabrics, awning and marine fabrics, canvas fabrics, cargo restraints, and more.

Company Vulnerabilities

The company's extensive operations and valuable data make it an attractive target for threat actors. The company's long-standing presence in the industry and diverse product offerings may have made it a prime target for the Play ransomware group.

Play Ransomware Group Tactics

The Play ransomware group, operated by Ransom House, has evolved from data theft to deploying cryptographic lockers. The group targets Linux systems and uses encryption methods similar to Baseline Babuk. Play ransomware actors have been observed submitting binaries containing hack tools and utilities after gaining initial access to victim networks.

Sources:

• SentinelOne - Play Ransomware Group Profile
• Sophos - Ransomware Gangs and the Media
• TechTarget - Ransomware Definition
• UK Parliament Report on Ransomware
• Check Point - Ransomware Threat Prevention