Play ransomware gang hit Dutch shipping firm Royal Dirkzwager

Pierluigi Paganini March 20, 2023

Dutch maritime logistics company Royal Dirkzwager suffered a ransomware attack, the company was hit by the Play ransomware gang.

The Play ransomware group hit the Dutch maritime logistics company Royal Dirkzwager.

Royal Dirkzwager is specialized in optimizing shipping processes and managing maritime and logistic information flows.

The ransomware group added the company to its Tor data leak site and announced the theft of stolen private and personal confidential data, employee IDs, passports, contracts and etc.

The gang initially leaked a 5 GB archive as proof of the hack and threatens to release the full dump if the company will not pay the ransom.

Royal Dirkzwager Play ransomware

Company CEO Joan Blaas said that the ransomware attack did not impact the operations of the company. He confirmed that threat actors have stolen sensitive data from its infrastructure.

“It has had a huge impact on our employees. Over the last year, because of the company’s bankruptcy, we had to let go of people and not everyone could stay. We had to move offices and now this. It’s been a very difficult time,” Company CEO Joan Blaas told The Record.

The company notified the Dutch Data Protection Authority and confirmed it is in negotiations with the ransomware group.

The Play ransomware group has been active since July 2022, the list of victims includes the City of Oakland and the Cloud services provider Rackspace.

The shipping industry is a privileged target of cybercrime organizations. In January, about 1,000 vessels have been impacted by a ransomware attack against DNV, one of the major maritime software suppliers. 

DNV GL provides solutions and services throughout the life cycle of any vessel, from design and engineering to risk assessment and ship management. The Norwegian company provides services for 13,175 vessels and mobile offshore units (MOUs) amounting to 265.4 million gross tonnes, which represents a global market share of 21%.

In February 2022, a cyber attack hit Oiltanking GmbH, a German petrol distributor that supplies Shell gas stations in the country, severely impacting its operations. According to the media, the attack also impacted the oil supplier Mabanaft GmbH. The two companies belong to the Marquard & Bahls group.

In November 2021, researchers from threat intelligence firm Intel 471 published an analysis of cybercrime underground trends online, warning that initial access brokers were offering credentials or other forms of access to shipping and logistics organizations.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Royal Dirkzwager)

you might also like

leave a comment