FPL Food LLC Targeted by Play Ransomware Group

Incident Date:

May 29, 2024

World map



FPL Food LLC Targeted by Play Ransomware Group






Augusta, USA

Georgia, USA

First Reported

May 29, 2024

Ransomware Attack on FPL Food LLC by Play Ransomware Group

Company Overview

FPL Food LLC is a leading beef processor and distributor in the United States, specializing in providing high-quality beef products to retail, food service, and export markets. With around 657 employees, the company is recognized as the number one privately owned processor of fresh beef products and ground beef selections in the Southeast.

Company Vulnerabilities

Given its prominence in the beef processing industry and extensive operations, FPL Food is an attractive target for threat actors like the Play ransomware group. The company's large workforce and complex supply chain could provide multiple entry points for cybercriminals to exploit.

Attack Overview

The Play ransomware group targeted FPL Food, resulting in the leakage of sensitive data, including private and personal confidential information, client documents, budget details, payroll information, accounting records, contracts, taxes, IDs, and financial data. The attack was recorded on May 30, 2024, and the leaked information was viewed 200 times on the dark web.

Play Ransomware Group Profile

Operated by Ransom House, the Play ransomware group is known for targeting Linux systems and deploying cryptographic lockers. The group has evolved from data theft to using ransomware tactics and has been observed submitting binaries containing hack tools and utilities after gaining initial access to systems.

How the Attack Occurred

Considering FPL Food's extensive operations and online presence, the Play ransomware group could have infiltrated the company's systems through various means. These may include exploiting vulnerabilities in their network infrastructure, conducting phishing attacks on employees, or leveraging unsecured third-party connections.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.