Incident Date:

October 2, 2022

World map









Oakleigh, Australia

Victoria, Australia

First Reported

October 2, 2022

Associated Retailers Limited (ARL) Targeted by ALPHV Ransomware Group

Associated Retailers Limited (ARL), one of Australasia's largest independent retailer buying groups, has been targeted by the ALPHV ransomware group. The attack was announced on the dark web leak site, where the victim's website was listed. ARL operates as a cooperative with retail stores across Australia and New Zealand.

Company Overview

ARL is a significant player in the retail sector, with a wide network of retail stores across Australia and New Zealand. The company's size and reach make it an attractive target for cybercriminals, as they can potentially gain access to a large amount of sensitive data and disrupt operations.

Vulnerabilities and Mitigation

The specific vulnerabilities that led to the successful attack on ARL are not publicly disclosed. However, it is known that ALPHV ransomware groups often gain initial access to victim networks through compromised user credentials. To mitigate such attacks, organizations should prioritize remediation of known exploited vulnerabilities, enable and enforce multifactor authentication with strong passwords, close unused ports, and remove applications not deemed necessary for day-to-day operations.

Impact and Response

The impact of the ransomware attack on ARL is not detailed in the available information. However, it is mentioned that victims of Blackcat ransomware are strongly encouraged to contact their local FBI field office if they are affected. The FBI has developed a decryption tool to assist victims in restoring their networks.

The ALPHV ransomware group's attack on Associated Retailers Limited highlights the ongoing threat of cybercrime in the retail sector. Organizations must remain vigilant and implement robust cybersecurity measures to protect against such attacks.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.