KEY SUMMARY POINTS
- Krispy Kreme Data Breach: The notorious Play ransomware group has claimed responsibility for the data breach at Krispy Kreme and is threatening to leak the data within two days.
- Threatening to Leak Data: Hackers threaten to leak sensitive company data within two days.
- Play Ransomware and Double Extortion: The group uses a double-extortion model, exfiltrating and encrypting data.
- Play Ransomware Does Not Play: Play Ransomware has a history of targeting various global sectors.
- International Links: Recent reports link the group to North Korean state-backed hackers.
Krispy Kreme, the beloved doughnut chain, disclosed a data breach on December 11, 2024, in which its operations across the United States were disrupted. At the time, the identity of the attackers was unknown. However, Hackread.com can now exclusively reveal that the Play Ransomware group, also known as PlayCrypt, has claimed responsibility for the breach.
The Play Ransomware group made the announcement earlier today, December 19, via its dark web leak site. While Krispy Kreme has not disclosed whether any data was stolen or the nature of such data, the ransomware group is threatening to release sensitive internal company information within two days. The data reportedly includes the following:
- IDs
- Client documents
- Payroll information
- Financial information
- Budgeting information
- Accounting information
- Tax-related information
- Private and personal confidential data
For context, the Play Ransomware group, which emerged in June 2022, targets a wide range of sectors, including business, government, critical infrastructure, healthcare, and media. Its attacks have spanned North America, South America, and Europe, making the group a significant cybersecurity threat.
The Play Ransomware group uses a double-extortion model, exfiltrating data before encrypting systems and threatening to release the stolen information if their ransom demands are not met. One of their most notable attacks occurred in June 2023, targeting Swiss government entities and resulting in data breaches that impacted hundreds of thousands of individuals.
In July 2024, Play Ransomware introduced a new Linux variant designed to target ESXi environments. However, the most alarming development came in October 2024, when a report from Palo Alto Networks’ Unit 42 revealed that the ransomware group was collaborating with North Korean government-backed hackers to carry out global attacks.
The Play Ransomware attack on Krispy Kreme is another reminder of the growing complexity and reach of cybercriminal groups. With their history of targeting critical sectors and recent collaboration with state-backed hackers, the group has now become a serious threat to businesses worldwide.