In March of this year, MarineMax, a prominent yacht manufacturer, found itself targeted by a cyber attack, which security experts later identified as a ransomware attack orchestrated by the Rhysida Ransomware Group. This breach resulted in the theft of information pertaining to both employees and customers.
Acknowledging the incident, the Florida-based company disclosed the attack in its SEC filing, asserting that no sensitive data had been compromised. However, the situation took a concerning turn when a portion of the stolen data surfaced on the dark web, revealing personally identifiable information.
Demanding 15BTC for the safe return of the data, the Rhysida ransomware group attempted to extort MarineMax. Yet, as the victim refused to comply with the ransom demand, the criminals sought to profit from the breach by offering the data to interested parties.
With operations spanning over 130 locations worldwide and boasting 83 dealerships, MarineMax opted not to engage with the hackers, focusing instead on recovering the encrypted information through existing backups. Presently, the company’s website displays an error message as access is temporarily suspended for maintenance and security purposes.
Meanwhile, Rhysida remains a notorious criminal entity, having previously targeted institutions like the British Library and the Chilean Army. The group’s activities also reportedly included infiltrating the US Department of Health and Human Services in August of the previous year, with an affiliate implicated in the hacking of Insomniac Games, a subsidiary of Sony Studios.
It’s widely recognized that paying ransoms not only emboldens criminal behavior but also offers no guarantee of data recovery. Therefore, the prevailing wisdom suggests focusing efforts on efficient data backup solutions and promptly reporting incidents to law enforcement agencies. Such actions facilitate tracking potential information leaks on the dark web and increase the likelihood of apprehending the perpetrators.