Ransomware Attack on Semicore Equipment: Play Ransomware Group
Ransomware Attack on Semicore Equipment by Play Ransomware Group
Victim Overview
Semicore Equipment, a USA-based company founded in 1996, specializes in advanced coating and deposition systems for industries such as electronics, academics, optical, solar energy, medical, automotive, and military. With 10 employees and an annual revenue of $3 million, Semicore Equipment stands out for its expertise in vacuum deposition and custom vacuum systems.
Attack Details
The cybercrime group Play targeted Semicore Equipment in a ransomware attack, exfiltrating sensitive data including private and personal confidential information, client documents, budget details, payroll records, accounting data, contracts, tax information, IDs, and financial data. The ransom demand remains undisclosed, highlighting the ongoing threat of ransomware attacks on technology and manufacturing companies.
Ransomware Group Profile
Play ransomware, operated by Ransom House, is known for targeting Linux systems and has evolved from data theft to deploying cryptographic lockers. The group shares similarities with Baseline Babuk in encryption methods and file searching functionality, using Sosemanuk for encryption. Play ransomware actors have been observed submitting binaries containing hack tools and utilities after achieving initial access.
Company Vulnerabilities
Semicore Equipment's specialization in high-tech industries and possession of valuable data make it an attractive target for threat actors like the Play ransomware group. The company's small size may also pose challenges in implementing robust cybersecurity measures to defend against sophisticated attacks.
Sources:
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!