Ransomware Attack on Badger Tag & Label Corp. - Cybersecurity Vulnerabilities and Play Ransomware Group

Incident Date: May 10, 2024

Attack Overview
Victim: Badger Tag & Label
Industry: Manufacturing
Location: USA
Attacker: Play
First Reported: May 10, 2024

Ransomware Attack on Badger Tag & Label Corp.

About Badger Tag & Label Corp.

Badger Tag & Label Corp. is a family-owned business that has been operating since 1935. Specializing in custom printing and manufacturing of tags and labels for various industries, including food, chemical, retail, and steel manufacturing, the company offers a wide range of tags made from materials like metal, leather, plastic, and paper. Additional services such as consulting, designing, screen printing, dye sublimation, and embroidery are also provided.

The company stands out in the industry for its ability to provide custom-designed tags, tooling, prototyping, printing, die stamping, and embossing services, and it also offers a wide range of customization options. Serving various industries and known for its UL-listed products, the company is a reliable choice for businesses.

Cybersecurity Vulnerabilities

Badger Tag and Label Corp. was targeted in a cybercrime attack by an entity known as "Play." The attack involved the use of ransomware, although the specific ransom amount was not disclosed. The attacker managed to gain unauthorized access to a substantial amount of sensitive data, including private and personal confidential information, client documents, budget details, payroll records, accounting information, contracts, tax documents, IDs, financial data, and more. The exact volume of data that was exfiltrated remains undisclosed at this time.

Ransomware Group: Play

The ransomware group known as Play, associated with the Babuk code and targeting Linux systems, has evolved to deploy cryptographic lockers and is operated by Ransom House. Observations have shown the group submitting binaries containing hack tools and utilities after gaining initial access to networks, highlighting the sophisticated nature of their operations.

Using Sosemanuk for encryption and including a ransom note filename "How To Restore Your Files.txt" in its samples, Play ransomware has a unique approach to victim communication, providing explicit instructions on how to contact the actors. This level of detail and organization sets them apart from other ransomware groups, making them a formidable threat in the cybersecurity landscape.
