Nora Biscuits Hit by Play Ransomware Group in Major Cyberattack

Incident Date: Oct 15, 2024

Attack Overview
Victim: Nora Biscuits
Industry: Manufacturing
Location: Netherlands
Attacker: Play
First Reported: October 15, 2024

Ransomware Attack on Nora Biscuits: A Detailed Analysis

On October 15, Nora Biscuits, a prominent biscuit manufacturer based in Maastricht, Netherlands, became the latest victim of a ransomware attack by the notorious Play ransomware group. This incident highlights the vulnerabilities faced by companies in the manufacturing sector, particularly those with significant digital infrastructure supporting their operations.

About Nora Biscuits

Nora Biscuits, officially known as Banketbakkerij Nora B.V., has been a staple in the biscuit industry since its founding in 1906 by the Raeven family. The company is renowned for its diverse range of biscuit products, including crunchy bars, oat-based snacks, and savory biscuits. With a strong emphasis on quality and innovation, Nora Biscuits has established itself as a leader in both national and international markets. The company operates a modern production facility and employs around 42 individuals, generating an annual revenue of approximately $13 million. A significant portion of its business revolves around private label production, accounting for 90-95% of its output.

Attack Overview

The Play ransomware group, active since June 2022, claimed responsibility for the attack on Nora Biscuits. The group is known for targeting a wide range of industries, including IT, transportation, and critical infrastructure. In this instance, the attack compromised Nora's digital infrastructure, though the full extent of the data breach remains unclear. The incident underscores the persistent threat posed by ransomware groups to businesses that rely heavily on digital systems.

About the Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, distinguishes itself through its sophisticated attack methods and diverse victimology. The group employs various techniques to gain initial access, including exploiting vulnerabilities in RDP servers and Microsoft Exchange. It is known for using custom tools and network scanners to infiltrate and maintain persistence within compromised systems. Unlike typical ransomware groups, Play does not include an initial ransom demand in its notes, directing victims to contact the group via email instead.

Potential Vulnerabilities

Nora Biscuits' reliance on digital infrastructure for its operations may have made it an attractive target for the Play group. The company's focus on innovation and international market presence likely necessitates extensive data management systems, which, if not adequately secured, can be vulnerable to cyberattacks. This incident serves as a reminder of the importance of effective cybersecurity measures in protecting sensitive business and customer data.
