U.S. semiconductor manufacturer Microchip Technology was claimed to be compromised by the Play ransomware operation a week after having some of its servers and business operations disrupted by the intrusion, reports The Record, a news site by cybersecurity firm Recorded Future.
While Microchip has not provided any comment regarding the claims, Play's admission a full week after the company's breach disclosure to the Securities and Exchange Commission reveals an extension from the 72-hour deadline given for a ransom payment, according to Adlumin cybersecurity researcher Kevin O'Connor. "It's not that unusual for ransomware gangs to go beyond the threatened release period, but it suggests that negotiations may have been taking place," said O'Connor, who also noted challenges in the attack's attribution amid the ransomware gang's expansion as it move toward an affiliate model. Such a development comes more than a month after a Trend Micro study revealed that U.S. organizations were primarily targeted by the Play ransomware gang this year.