Jamco Aerospace: Major supplier of military and commercial aircraft allegedly hit by Play ransomware

Play Ransomware Targets Jamco Aerospace, Threatens Data Leak

Jamco Aerospace, a New York-based engineering firm supplying critical components to aerospace and defense manufacturers, including U.S. government contractors, was listed on the dark web leak site of the Play ransomware gang on August 6. The attackers set a ransom deadline of August 10, claiming to have exfiltrated sensitive data, including private documents, client records, payroll, financial information, IDs, and tax files. While the exact volume of stolen data remains unspecified, Play has begun releasing portions of it, threatening to publish the rest if Jamco fails to engage.

As of now, Jamco Aerospace has not publicly acknowledged the breach, and the authenticity of the leaked data has not been independently verified.

Play ransomware has rapidly ascended as a major threat, ranking fourth in victim count (125 reported cases) in Rapid7’s Q2 2025 report, nearly double the next most active group. Since 2022, the gang has compromised roughly 900 organizations globally, with tactics outlined in a June 4 joint advisory by CISA, the FBI, and Australia’s ACSC. Attackers initiate contact via unique @gmx.de or @web.de email addresses and, in some cases, phone calls, pressuring victims with threats of data exposure.

Play’s operations exploit CVE-2024-57727, a remote code execution vulnerability, disclosed in January 2025, in SimpleHelp, a remote management tool. The group also employs customized ransomware binaries for each attack, recompiling them to evade detection. Their ESXi variant further disrupts virtualized environments by shutting down VMs, listing machine names, and encrypting VM-related files with per-file encryption keys. If no command-line arguments are provided, the malware automatically powers off all VMs before encryption.

The incident underscores Play’s growing sophistication and its focus on high-value targets, particularly in defense and critical infrastructure sectors.

Source: https://www.cyberdaily.au/security/12489-major-supplier-of-military-and-commercial-aircraft-allegedly-hit-by-play-ransomware

Jamco cybersecurity rating report: https://www.rankiteo.com/company/jamco-news

"id": "JAM1773203261",
"linkid": "jamco-news",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Aerospace and Defense',
                        'location': 'New York, USA',
                        'name': 'Jamco Aerospace',
                        'type': 'Engineering Firm'}],
 'attack_vector': 'Remote Code Execution (CVE-2024-57727 in SimpleHelp)',
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Private documents',
                                              'Client records',
                                              'Payroll',
                                              'Financial information',
                                              'IDs',
                                              'Tax files']},
 'date_detected': '2025-08-06',
 'date_publicly_disclosed': '2025-08-06',
 'description': 'Jamco Aerospace, a New York-based engineering firm supplying '
                'critical components to aerospace and defense manufacturers '
                'including U.S. government contractors, was listed on the dark '
                'web leak site of the Play ransomware gang on August 6. The '
                'attackers set a ransom deadline of August 10, claiming to '
                'have exfiltrated sensitive data, including private documents, '
                'client records, payroll, financial information, IDs, and tax '
                'files. Play has begun releasing portions of the data, '
                'threatening to publish the rest if Jamco fails to engage. As '
                'of now, Jamco Aerospace has not publicly acknowledged the '
                'breach, and the authenticity of the leaked data has not been '
                'independently verified.',
 'impact': {'data_compromised': 'Sensitive data including private documents, '
                                'client records, payroll, financial '
                                'information, IDs, and tax files',
            'identity_theft_risk': 'High'},
 'initial_access_broker': {'entry_point': 'Remote Code Execution '
                                          '(CVE-2024-57727 in SimpleHelp)',
                           'high_value_targets': 'Defense and critical '
                                                 'infrastructure sectors'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain, data extortion',
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': 'Play'},
 'references': [{'source': 'Rapid7’s Q2 2025 report'},
                {'source': 'CISA, FBI, and Australia’s ACSC joint advisory '
                           '(June 4)'}],
 'threat_actor': 'Play Ransomware Gang',
 'title': 'Play Ransomware Targets Jamco Aerospace, Threatens Data Leak',
 'type': 'Ransomware',
 'vulnerability_exploited': 'CVE-2024-57727'}