alphv attacks ASSOCIATED RETAILERS
Incident Date:
October 2, 2022
Overview
Title
alphv attacks ASSOCIATED RETAILERS
Victim
ASSOCIATED RETAILERS
Attacker
Alphv
Location
First Reported
October 2, 2022
Associated Retailers Limited (ARL) Targeted by ALPHV Ransomware Group
Associated Retailers Limited (ARL), one of Australasia's largest independent retailer buying groups, has been targeted by the ALPHV ransomware group. The attack was announced on the dark web leak site, where the victim's website was listed. ARL operates as a cooperative with retail stores across Australia and New Zealand.
Company Overview
ARL is a significant player in the retail sector, with a wide network of retail stores across Australia and New Zealand. The company's size and reach make it an attractive target for cybercriminals, as they can potentially gain access to a large amount of sensitive data and disrupt operations.
Vulnerabilities and Mitigation
The specific vulnerabilities that led to the successful attack on ARL are not publicly disclosed. However, it is known that ALPHV ransomware groups often gain initial access to victim networks through compromised user credentials. To mitigate such attacks, organizations should prioritize remediation of known exploited vulnerabilities, enable and enforce multifactor authentication with strong passwords, close unused ports, and remove applications not deemed necessary for day-to-day operations.
Impact and Response
The impact of the ransomware attack on ARL is not detailed in the available information. However, it is mentioned that victims of Blackcat ransomware are strongly encouraged to contact their local FBI field office if they are affected. The FBI has developed a decryption tool to assist victims in restoring their networks.
The ALPHV ransomware group's attack on Associated Retailers Limited highlights the ongoing threat of cybercrime in the retail sector. Organizations must remain vigilant and implement robust cybersecurity measures to protect against such attacks.
Sources
- Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant
- Reward for Information: ALPHV/Blackcat Ransomware as a Service https://www.fbi.gov/wanted/cyber/reward-for-information-alphv-blackcat-ransomware-as-a-service
- BlackCat Ransomware Group Implodes After Apparent $22M Ransom Payment by Change Healthcare https://www.healthcareitnews.com/news/blackcat-ransomware-group-implodes-after-apparent-22m-ransom-payment-change-healthcare
- #StopRansomware: ALPHV Blackcat https://www.cisa.gov/stopransomware/alphv-blackcat
- Change Healthcare confirms Blackcat/AlphV behind ransomware attack https://www.healthcareitnews.com/news/change-healthcare-confirms-blackcat-alphv-behind-ransomware-attack
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.