An infamous cybercriminal group known as LockBit Ransomware recently targeted Subway’s food chain, unleashing a vicious attack that could potentially lead to the exposure of sensitive data.
The extent of the damage caused by the attack is yet to be fully determined, but the situation is certainly one of great concern to Subway and its customers.
LockBit ransomware is a type of malicious software that blocks access to computer systems and demands a ransom payment in exchange for access. The ransomware can automatically spread to other systems on a network and encrypt all accessible files.
Subway is a multinational American fast-food restaurant specializing in submarine sandwiches (subs), wraps, salads, and drinks. It was founded by Fred DeLuca and financed by Peter Buck in 1965 as Pete’s Super Submarines in Bridgeport, Connecticut.
Open Suspicious Files & Links in the ANY RUN Sandbox Safely; Try All Features for Free. Understand malware behavior, collect IOCs, and easily map malicious actions to TTPs — all in our interactive sandbox.
The data that has been breached comprises a plethora of important information such as the salaries of employees, payments made towards franchise royalties, commissions paid to master franchises, turnovers of various restaurants, and other significant details, reads Theregister’s report.
Additionally, the gang declared its breach on its dark web website, which can be reached using the TOR browser. The group stated, “The biggest sandwich chain is pretending that nothing happened. We exfiltrated their SUBS internal system, which includes hundreds of gigabytes of data and all financial aspects of the franchise.”
In addition, hackers have been reported to have breached Subway’s computer systems. The hackers have set a deadline for Subway to take necessary measures to secure their data. If Subway fails to do so, the hackers have threatened to sell the stolen data to other competing restaurants.
It is important to note that the group behind the hack issued a serious threat to release the data they stole on February 02, 2024. This makes the hack particularly concerning as it poses a high level of risk to the affected parties.
Following this recent incident of cyber attack, it has become increasingly imperative for organizations to take extra measures to safeguard their sensitive data against malicious groups. This critical situation highlights cybersecurity’s crucial role in the modern-day digital landscape, where threats to online security are growing at an alarming rate.
As such, it is essential for businesses to adopt a proactive and robust approach to cybersecurity to prevent such incidents from happening in the future.