Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Ransomware

Ransomware Group Takes Credit for Attack on Boat Dealer MarineMax

The Rhysida ransomware group has taken credit for the cyberattack on MarineMax and is offering to sell stolen data for 15 bitcoin.

The Rhysida ransomware group has taken credit for the recent cyberattack on boat dealer MarineMax and is offering to sell data allegedly stolen from the company for a significant amount of money.

MarineMax is one of the world’s largest retailers of recreational boats and yachts. The company has over 125 locations worldwide and nearly 4,000 employees, and it reported a revenue of more than $500 million in the first fiscal quarter of 2024.

MarineMax announced in an SEC filing earlier this month that it was targeted in a cyberattack that led to some disruption. The company shared little information on the incident.

Now, the Rhysida ransomware group has taken credit for the attack, auctioning data allegedly stolen from MarineMax on its Tor-based website, with the price starting at 15 bitcoin ($950,000). 

The fact that the data is up for sale indicates that the victim has refused to pay the ransom demanded by the cybercrooks. 

In order to demonstrate that they have stolen valuable data from MarineMax, the cybercriminals have published a couple of screenshots apparently showing financial documents and some spreadsheets. It’s unclear based on these screenshots, which have a fairly low resolution, exactly how sensitive the data is.

However, the company said in its regulatory filing related to this incident that it does not store sensitive data in the compromised environment.

The Rhysida ransomware group emerged in May 2023 and it has targeted organizations in various sectors, including government, IT, manufacturing, healthcare, and education. The US government issued an advisory for Rhysida in November 2023. The black hat hackers not only steal data from victims but also encrypt files stored on compromised systems. 

Advertisement. Scroll to continue reading.

In February 2024, researchers announced cracking the file encryption method used by the Rhysida ransomware and developed a decryption tool that victims could leverage to recover their files without paying a ransom. However, it would not be surprising if the cybercriminals had since made changes to the malware to ensure that the decryption tool would no longer work for new victims.

It’s unclear if the cybercriminals encrypted files in the MarineMax attack or if they focused on data theft. 

SecurityWeek has reached out to the company for additional information and will update this article if it responds. 

Related: Nissan Data Breach Affects 100,000 Individuals

Related: Anatomy of a BlackCat Attack Through the Eyes of Incident Response

Related: Cyberattack Disrupts Production at Varta Battery Factories

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

Shaun Khalfan has joined payments giant PayPal as SVP, CISO.

More People On The Move

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Ransomware

Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Ransomware

Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Ransomware

Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company.