In September 2023, Bordelon Marine, a U.S.-based marine services company, fell victim to a targeted Play Ransomware Group attack. The cybercriminals, known for their advanced tactics, exploited system vulnerabilities and deployed tools such as AdFind to extract Active Directory data before encrypting critical files with a '.play' extension. The attack was part of a wider campaign: the group publicly listed Bordelon Marine among six organizations on its Tor-based data leak site, strongly suggesting a data breach alongside the ransomware encryption. The incident aligns with the group's pattern of double extortion: encrypting files while threatening to leak stolen data unless a ransom is paid. While the exact scope of compromised data (e.g., employee records, customer details, or proprietary marine operations) remains undisclosed, the public listing on the dark web implies that sensitive information was exfiltrated. The attack disrupted Bordelon Marine's operations, potentially halting services, damaging its reputation, and incurring financial losses from recovery efforts or ransom negotiations. The Play Ransomware Group's expansion into the U.S. underscores the escalating threat of sophisticated ransomware operations targeting critical infrastructure sectors.
Source: https://cyberwarzone.com/play-ransomware-group-targets-six-prominent-companies/
TPRM report: https://www.rankiteo.com/company/bordelon-marine
{
  "id": "bor457092125",
  "linkid": "bordelon-marine",
  "type": "Ransomware",
  "date": "9/2023",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'marine',
                        'location': 'USA',
                        'name': 'Bordelon Marine',
                        'type': 'company'}],
 'attack_vector': ['exploiting known vulnerabilities',
                   'use of AdFind for Active Directory reconnaissance'],
 'data_breach': {'data_encryption': True},
 'date_detected': '2023-09',
 'description': "In September 2023, Bordelon Marine in the USA was targeted by the Play Ransomware Group. The group, active since June 2022, expanded its operations from Latin America to the U.S. and Germany. The attack involved encrypting files with a '.play' extension, part of a broader trend of ransomware and malware attacks. The Play Ransomware Group listed six businesses on their data leakage site on the Tor network, indicating potential data breaches.",
 'ransomware': {'data_encryption': True,
                'ransomware_strain': 'Play Ransomware'},
 'threat_actor': 'Play Ransomware Group',
 'title': 'Bordelon Marine Ransomware Attack by Play Ransomware Group',
 'type': ['ransomware', 'malware']}