Recipe Unlimited, which operates 19 franchise restaurant brands, must think that claiming to be a victim of a “malware outbreak” sounds better than saying it was a victim of a ransomware attack; nevertheless, nine of its restaurant brands were impacted by the attack and some have even closed down shop as the bitcoin ransom demand total grows higher each day.
Corporate said that after the attack (“malware outbreak”), which happened on Friday, Sept. 28, it tried to stop the spread of the ransomware by taking “a number of our systems offline and suspended internet access to affected locations as a precaution.”
That, in turn, resulted in some restaurants completely closing up shop as – in the words of a note taped to East Side Mario’s – “the head office computer was hacked.” The full note posted on Sept. 30 stated, “Due to a computer issue with Head Office we are closed for the day.” Smaller handwritten info included: “That is 1,400 of our restaurants closed for the day. The head office computer was hacked.”
In total, nine Recipe Unlimited restaurant brands were impacted by the attack: “Swiss Chalet, Harvey’s, Milestones, Kelseys, Montana’s, Bier Markt, East Side Mario’s, The Landing Group of Restaurants and Prime Pubs brands.”
If you are unfamiliar with those restaurants, it might be because 1,318 of all 1,379 Recipe Unlimited restaurants are located in Canada. At any rate, the impacted restaurants which did not temporarily close were not able to accept credit or debit transactions.
Despite the company avoiding the words “ransomware attack,” CBC reported seeing the ransom note which “informs Recipe Unlimited that ‘there is a significant hole in the security of your company’ and that ‘we’ve easily penetrated your network’.”
Instead of being a fixed price, the ransom demand is increasing every day. The note states, “The final price depends on how fast you write to us. Every day of delay will cost you additional +0.5 BTC.”
As of the time of writing, 0.5 bitcoin was equal to $3,224.58. If the countdown started on Friday and today is Wednesday, the total ransom demand for six days has jumped up to $19,347.
If Recipe Unlimited opts to pay the ransom, the attackers’ note promised to give the “decrypted data back” as well as instructions for “how to close the hole in security” and “avoid such problems in the future.”
Recipe Unlimited, however, denied to CBC that it was being held ransom. In the press release, the company claims, “We maintain appropriate system and data security measures and as per standard operating procedures, conduct regular system back-ups to enable us to restore impacted systems.” It is working “with third-party security experts and internal teams to resolve the situation as quickly and effectively as possible.”
As for the ransom demand, Recipe Unlimited claimed it was “a ‘generic’ statement associated with a virus called Ryuk, and that exact copies of the ransom note can be found via a Google search.”
While detailing a targeted Ryuk ransomware campaign, Check Point Research posted two versions of the Ryuk ransom note. As of August, Check Point believed the attackers had racked up $640,000 from ransoms. The security firm believed Ryuk and Hermes ransomware were related and wondered about the connection to North Korean Lazarus Group attackers.
As for concerned employees with no clue what is happening or if their data is in the hands of hackers, Recipe Unlimited claimed, “We have no indication that this limited malware incident has resulted in any data breach.”
Key takeaways might include the obvious: make sure you have recent offsite backups, and man up if you are hit with a ransomware attack instead of trying to claim it is a “malware outbreak” which led to the temporary closing of some businesses – the truth will come out sooner or later, so lying won’t help in the long run.