Piggly Wiggly Alabama Hit by Play Ransomware Group in Major Breach

Incident Date: September 10, 2024

Overview

Title: Piggly Wiggly Alabama Hit by Play Ransomware Group in Major Breach
Victim: Piggly Wiggly Alabama Distributing Company, Inc.
Attacker: Play
Location: Bessemer, USA; Alabama, USA
First Reported: September 10, 2024

Ransomware Attack on Piggly Wiggly Alabama Distributing Company, Inc.

Piggly Wiggly Alabama Distributing Company, Inc. (PWADC), a prominent wholesale supplier cooperative based in Bessemer, Alabama, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. This breach has resulted in the unauthorized access and potential exfiltration of a wide array of sensitive data.

About Piggly Wiggly Alabama Distributing Company, Inc.

Established in 1959 by 27 Piggly Wiggly store owners, PWADC was created to enhance the collective buying power of independent grocery operators. The company has grown significantly and now services over 270 stores across seven states, generating annual sales of approximately $750 million. PWADC operates a vast distribution center spanning one million square feet, housing over 22,000 stock-keeping units (SKUs) of various grocery items. The cooperative is known for its competitive pricing strategies and strong relationships with both domestic and international suppliers.

Attack Overview

The Play ransomware group has claimed responsibility for the attack on PWADC via their dark web leak site. The breach has compromised private and personal confidential data, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data. The extent of the data breach underscores the severity of the attack and the potential ramifications for both the company and its clients.

About the Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focused on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware uses various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz for privilege escalation and uses custom tools to enumerate users and computers on compromised networks.

Potential Vulnerabilities

PWADC's extensive network and large-scale operations make it a lucrative target for ransomware groups. The company's reliance on digital systems for inventory management, financial transactions, and client communications could have provided multiple entry points for the attackers. The Play ransomware group likely exploited vulnerabilities in PWADC's network security, such as outdated software, weak passwords, or insufficiently protected remote access points.
