Piggly Wiggly Alabama Hit by Play Ransomware Group in Major Breach

Incident Date: Sep 10, 2024

Attack Summary
Victim: Piggly Wiggly Alabama Distributing Company, Inc.
Industry: Retail
Location: USA
Attacker: Play
First reported: September 10, 2024

Ransomware Attack on Piggly Wiggly Alabama Distributing Company, Inc.

Piggly Wiggly Alabama Distributing Company, Inc. (PWADC), a prominent wholesale supplier cooperative based in Bessemer, Alabama, has recently fallen victim to a ransomware attack carried out by the Play ransomware group. The breach resulted in unauthorized access to, and the potential exfiltration of, a wide array of sensitive data.

About Piggly Wiggly Alabama Distributing Company, Inc.

Established in 1959 by 27 Piggly Wiggly store owners, PWADC was created to enhance the collective buying power of independent grocery operators. The company has grown significantly and now services over 270 stores across seven states, generating annual sales of approximately $750 million. PWADC operates a vast distribution center spanning one million square feet, housing over 22,000 stock-keeping units (SKUs) of various grocery items. The cooperative is known for its competitive pricing strategies and strong relationships with both domestic and international suppliers.

Attack Overview

The Play ransomware group has claimed responsibility for the attack on PWADC on its dark web leak site. According to the group's claim, the compromised material includes private and personal confidential data, client documents, budgetary details, payroll records, accounting files, contracts, tax documents, identification information, and financial data. The breadth of the data involved underscores the severity of the attack and the potential ramifications for both the company and its clients.

About the Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focused on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware uses various methods to gain entry into networks, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz for privilege escalation and uses custom tools to enumerate users and computers on compromised networks.

Potential Vulnerabilities

PWADC's extensive network and large-scale operations make it a lucrative target for ransomware groups. The company's reliance on digital systems for inventory management, financial transactions, and client communications could have provided multiple entry points for the attackers. The Play ransomware group likely exploited vulnerabilities in PWADC's network security, such as outdated software, weak passwords, or insufficiently protected remote access points.

Sources
