The Rhysida ransomware group has taken credit for the recent cyberattack on boat dealer MarineMax and is offering to sell data allegedly stolen from the company for a significant amount of money.
MarineMax is one of the world’s largest retailers of recreational boats and yachts. The company has over 125 locations worldwide and nearly 4,000 employees, and it reported a revenue of more than $500 million in the first fiscal quarter of 2024.
MarineMax announced in an SEC filing earlier this month that it was targeted in a cyberattack that led to some disruption. The company shared little information on the incident.
Now, the Rhysida ransomware group has taken credit for the attack, auctioning data allegedly stolen from MarineMax on its Tor-based website, with the price starting at 15 bitcoin ($950,000).
The fact that the data is up for sale indicates that the victim has refused to pay the ransom demanded by the cybercrooks.
In order to demonstrate that they have stolen valuable data from MarineMax, the cybercriminals have published a couple of screenshots apparently showing financial documents and some spreadsheets. It’s unclear based on these screenshots, which have a fairly low resolution, exactly how sensitive the data is.
However, the company said in its regulatory filing related to this incident that it does not store sensitive data in the compromised environment.
The Rhysida ransomware group emerged in May 2023 and it has targeted organizations in various sectors, including government, IT, manufacturing, healthcare, and education. The US government issued an advisory for Rhysida in November 2023. The black hat hackers not only steal data from victims but also encrypt files stored on compromised systems.
In February 2024, researchers announced cracking the file encryption method used by the Rhysida ransomware and developed a decryption tool that victims could leverage to recover their files without paying a ransom. However, it would not be surprising if the cybercriminals had since made changes to the malware to ensure that the decryption tool would no longer work for new victims.
It’s unclear if the cybercriminals encrypted files in the MarineMax attack or if they focused on data theft.
SecurityWeek has reached out to the company for additional information and will update this article if it responds.
Related: Nissan Data Breach Affects 100,000 Individuals
Related: Anatomy of a BlackCat Attack Through the Eyes of Incident Response
Related: Cyberattack Disrupts Production at Varta Battery Factories