Microchip Technology Disrupted by Play Ransomware Attack
Microchip Technology Hit by Play Ransomware Attack
Microchip Technology, a leading semiconductor manufacturer based in Chandler, Arizona, has fallen victim to a ransomware attack orchestrated by the Play ransomware group. The breach, discovered on August 17, 2024, has led to significant operational disruptions and the compromise of sensitive information.
Company Overview
Founded in 1989, Microchip Technology Incorporated specializes in the design and manufacturing of microcontrollers, mixed-signal, analog, and Flash-IP integrated circuits. The company employs approximately 22,300 people and reported revenues of $7.6 billion for the fiscal year 2024. Microchip is renowned for its extensive product portfolio, which includes over 1,200 microcontroller devices, various analog products, and specialized solutions for embedded control applications.
Attack Overview
The ransomware attack led to the temporary disruption of operations at several of Microchip's manufacturing facilities. The company confirmed that employee contact information and some encrypted passwords were compromised. However, there is no evidence that customer or supplier data was affected. Play ransomware claims to have stolen various sensitive information, including financial records and contracts. While critical IT systems have been restored, certain manufacturing facilities are still operating below normal levels, impacting the company's ability to fulfill orders.
About Play Ransomware Group
The Play ransomware group, also known as PlayCrypt, has been active since June 2022. Initially targeting Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware is known for exploiting vulnerabilities in RDP servers, FortiOS, and Microsoft Exchange to gain initial access. The group uses tools like Mimikatz for privilege escalation and employs custom tools to enumerate users and computers on compromised networks.
Penetration Methods
Play ransomware likely penetrated Microchip's systems through vulnerabilities in RDP servers or Microsoft Exchange. The group is adept at using scheduled tasks and PsExec for execution and persistence. They also disable antimalware solutions using tools like Process Hacker and GMER. The ransomware's minimalistic ransom notes direct victims to contact the threat actors via email, which distinguishes Play from other ransomware groups.
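For defenders, the behaviours named above can be correlated per host. The following Python sketch is an added example, not code from Microchip, Halcyon, or any vendor tool. It flags a host when at least two of the three behaviours (PsExec service install, scheduled task creation, launch of Process Hacker or GMER) occur within 30 minutes. The simplified event fields, host names, tool file names, and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed image names; a renamed binary evades name matching, so treat hits as leads.
TAMPER_TOOLS = {"processhacker.exe", "gmer.exe"}

def classify(ev):
    """Map one simplified Windows event record to a behaviour label, or None."""
    eid = ev["event_id"]
    if eid == 7045 and ev.get("service_name", "").upper() == "PSEXESVC":
        return "psexec_service"   # System log 7045: PsExec's default service name
    if eid == 4698:
        return "scheduled_task"   # Security log 4698: a scheduled task was created
    if eid == 4688:               # Security log 4688: a new process was created
        image = ev.get("image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
        if image in TAMPER_TOOLS:
            return "av_tamper_tool"
    return None

def flag_hosts(events, window=timedelta(minutes=30), min_behaviours=2):
    """Return {host: labels} where enough distinct behaviours fall inside one window."""
    per_host = {}
    for ev in events:
        label = classify(ev)
        if label:
            when = datetime.fromisoformat(ev["time"])
            per_host.setdefault(ev["host"], []).append((when, label))
    flagged = {}
    for host, hits in per_host.items():
        hits.sort()
        best = set()
        for i, (start, _) in enumerate(hits):
            seen = {lbl for t, lbl in hits[i:] if t - start <= window}
            best = seen if len(seen) > len(best) else best
        if len(best) >= min_behaviours:
            flagged[host] = sorted(best)
    return flagged

# Constructed sample events with hypothetical hosts (not data from the incident).
SAMPLE_EVENTS = [
    {"host": "FAB-WS01", "time": "2024-01-01T10:00:00", "event_id": 7045, "service_name": "PSEXESVC"},
    {"host": "FAB-WS01", "time": "2024-01-01T10:05:00", "event_id": 4698},
    {"host": "FAB-WS01", "time": "2024-01-01T10:12:00", "event_id": 4688, "image": "C:\\Users\\Public\\ProcessHacker.exe"},
    {"host": "HR-WS07", "time": "2024-01-01T09:00:00", "event_id": 4698},
    {"host": "IT-ADM02", "time": "2024-01-01T08:00:00", "event_id": 7045, "service_name": "PSEXESVC"},
    {"host": "IT-ADM02", "time": "2024-01-01T13:00:00", "event_id": 4698},
]

if __name__ == "__main__":
    print(flag_hosts(SAMPLE_EVENTS))
```

PsExec and scheduled tasks are also routine administrative tools, which is why the sketch requires a combination inside a short window rather than alerting on any single event.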
Impact and Response
Microchip Technology has engaged external cybersecurity experts to investigate the full scope and impact of the incident. While the company has resumed processing orders, the ongoing operational disruptions at certain manufacturing facilities may affect its ability to meet demand. The long-term financial impact of the attack remains uncertain.