DARPA, NASA software partner claimed by ransomware gang


GrammaTech, a US-based cybersecurity research outfit, has been claimed by a prominent ransomware cartel. The company, allegedly under attack, frequently works with US government bodies such as DARPA, the Department of War (DoW), and other key institutions. GrammaTech denies its systems were breached.

The cybersecurity research firm’s name appeared on Play ransomware’s dark web blog, which the group uses to showcase its latest victims. While the attackers claim they have obtained private and confidential data, they provide neither evidence nor a data sample to support their claims.

Meanwhile, GrammaTech said the company investigated attacker claims, concluding its systems were not impacted in any way.


“After conducting a thorough review of our systems and security protocols, we confirm that GrammaTech has not been breached and our operations have not been impacted or compromised. Our investigation found no evidence of any unauthorized access or data compromise,” the company explained.


GrammaTech said it has conducted an extensive examination of its systems and found no security issue.

“These claims appear to originate from unsubstantiated allegations posted by cybercriminal actors. We have extensively examined our current operating systems and technology infrastructure and confirmed the integrity of all systems,” the company explained.

GrammaTech likely caught attackers' interest because the company provides software analysis, vulnerability detection, and other services. The company lists the Defense Advanced Research Projects Agency (DARPA), US Homeland Security, NASA, Air Force Research Laboratory, and other institutions among its partners.

Figure: Play ransomware post. Attackers' post on the dark web. Image by Cybernews.

For example, the company’s most recent press release, dated September 9th, discussed its partnership with the US Department of Defense, recently renamed to DoW.

Meanwhile, Play ransomware claims it also accessed business service information. According to the Cybernews research team, if cybercrooks' claims are confirmed, the fallout from the attack could be limited as “operational data and vulnerability insights are not necessarily affected.”

“If the company was hired to work with confidential systems, where their existence is hidden from the public, it might reveal some confidential details, but otherwise the impact is more limited,” our team said.


Who is the Play ransomware cartel?

Meanwhile, Play ransomware is a major player in the cybercrime underworld, elbowing its way into the top three of the most active ransomware cartels last year.

In early August, the ransomware cartel claimed Jamco Aerospace Inc., a commercial and military aircraft industrial parts supplier for the US Navy, Boeing, and Northrop Grumman.

In 2023, Play was behind the attack against the Palo Alto County Sheriff's office in Iowa and the Donald W. Wyatt maximum security detention center in Rhode Island.

Figure: Ransomware stats. Ransomlooker data.

Data from Cybernews’ dark web monitoring tool, Ransomlooker, shows that Play targeted at least 376 companies over the last 12 months, making it one of the most prolific gangs over the selected period.


According to an Adlumin profile, Play is thought to be one of the first ransomware groups to use intermittent encryption, in which only certain fixed segments of a system are encrypted.

The method allows for faster access and exfiltration of a victim's data, and it seems other notorious groups have since adopted the tactic, including ALPHV/BlackCat, DarkBit, and BianLian.

Updated on September 24th [08:45 a.m. GMT] with a statement from GrammaTech.

