Play ransomware group claims a major cyber attack on U.S. chipmaker Microchip

The Play ransomware group has claimed responsibility for a cyber attack on American semiconductor company Microchip Technology and has threatened to leak the data it stole from the company if its ransom demands aren’t met.

 

In a filing with the U.S. Securities and Exchange Commission in August, Microchip Technology said that on August 17, it identified suspicious activity in its internal network and immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

The U.S. chipmaker said it took steps to contain the incident and secure the affected portion of its network. The ransomware attack, however, affected its manufacturing facilities, forcing them to operate “at less than normal levels” which, in turn, affected Microchip’s ability to fulfill orders.

 

Recently, the Play ransomware group claimed responsibility for the cyber attack and listed Microchip as a victim on its data leak site. The group claimed to be in possession of private and personal confidential data, clients’ documents, budget, payroll & accounting data and more.

 

 

The group has reportedly given the company two days to meet its ransom demands, failing which it will leak the stolen data.

 

Acknowledging the claims of the hacker group, a Microchip spokesperson told Comparitech, “We are aware of claims made by a third party relating to the recent IT disruption we disclosed. We take this issue very seriously and have notified law enforcement. Microchip continues to work diligently on our investigation and remediation efforts with the assistance of our external cybersecurity advisors.”

 

Microchip is yet to share details on how the threat actors infiltrated its internal network. Also, the Play ransomware group did not provide details on the amount of ransom demanded, whether the company failed to meet its ransom demands or whether it has decided to leak the stolen data.