Canadian restaurant chain Recipe suffered a network outage, is it a ransomware attack?
4.10.2018 securityaffairs
Ransomware

The Canadian restaurant chain Recipe Unlimited, which operates over 20 restaurant brands, has suffered a major IT outage over the weekend in a “malware outbreak.”
The company operates nearly 1,400 restaurants under 19 different brands in Canada.

Recipe Unlimited has suffered a major malware-based attack that impacted several of its brands.

On Monday the company confirmed that malware is the root cause of a partial network outage at nine of its franchises, including Swiss Chalet, Harvey’s, East Side Mario’s, and Kelseys.

Recipe discovered the malware outbreak on September 28 and immediately started the incident response procedure. A number of systems have been taken offline, and all the locations infected by the ransomware were isolated from the Internet.

The affected locations continued to process card transactions manually.

The infections have caused the closure of a “small number” of restaurants for a “temporary period of time.”

“A limited number of Recipe Unlimited restaurants are currently experiencing a partial network outage. Only certain restaurants under the Swiss Chalet, Harvey’s, Milestones, Kelseys, Montana’s, Bier Markt, East Side Mario’s, The Landing Group of Restaurants and Prime Pubs brands have been impacted.” reads a statement published by the company.

“We learned of the malware outbreak on Friday, September 28 and immediately initiated steps to prevent any further spread and take appropriate precautionary measures. As a result, we have taken a number of our systems offline and suspended internet access to affected locations as a precaution. This caused some of our restaurants to experience some service delay related issues, including being unable to process credit and debit card transactions. However, all of those restaurants are able to manually process credit card charges. A smaller number of affected restaurants have decided to close for a temporary period of time to avoid inconvenience to guests due to service issues.”

According to CBC News, Recipe was the victim of a ransomware attack; the outlet also shared a copy of a ransom note that was provided by a worker at one of the affected restaurants.

“All of our computer systems crashed,” said a worker on shift at the time at an affected location. “The ransom note appeared under the file, ‘read me‘ in a WordPad format. We were all really in a state of shock.”

The hackers claim that they encrypted the files using “the strongest military algorithms.” At this time there is no information on the amount of bitcoin demanded from the victims.

The amount requested by the crooks will increase with time.

“The final price depends on how fast you write to us,” warns the ransom note. “Every day of delay will cost you additional +0.5 BTC.”

Recipe Unlimited denies it was the victim of a ransomware attack, because it conducts regular system backups to promptly mitigate this kind of attack.

“We maintain appropriate system and data security measures,” said spokesperson Maureen Hart in an email.

According to Hart, the ransom note published online is a “generic” statement associated with a virus called Ryuk, and other copies of the note can be found via a Google search.

The ransom note is associated with Ryuk ransomware, a threat discovered by security experts at Check Point in August. At the time, the ransomware-based campaign was aimed at organizations around the world and was conducted by a North Korea-linked threat actor.

The campaign appears targeted and well-planned: the crooks targeted several enterprises and encrypted hundreds of PCs, storage and data centers in each infected company.