A malware outbreak was responsible for a network outage that affected a limited number of Recipe Unlimited restaurant locations.
On 1 October, Recipe Unlimited announced a malware attack of which it learned at the end of September. The Canadian restaurant chain owner and food distributor said in a
statement that it responded by taking certain systems offline and suspending access at affected locations of the Swiss Chalet, Harvey's, Milestones, Kelseys, Montana's, Bier Markt, East Side Mario's, The Landing Group of Restaurants and Prime Pubs brands. Recipe Unlimited said this decision caused some service delays and prevented affected restaurants from processing credit card and debit card transactions, though the company explained that all those locations could still manually process credit card transactions.
This clarification didn't stop customers from voicing their complaints on Twitter.
https://twitter.com/MontanasBBQ/status/1046503988307394560
https://twitter.com/HarveysCanada/status/1046135318649475073
https://twitter.com/SwissChaletCA/status/1046186166851121152?ref_src=twsrc%5Etfw
According to the statement, an additional number of affected restaurants decided to temporarily close due to the service issues. It's unclear what this number was at the time of publication. One Facebook user
posted a photo of a notice taped to the door of an East Side Mario's location that says "1,400 of our restaurants are closed for the day. The head office computer was hacked."
As of this writing, little was known about the malware responsible for the outages.
CBC News reported that a ransom note appeared after the attack, stating that "there is a significant hole in the security of your company" and that "we've easily penetrated your network." The authors of the note also reportedly wrote that the ransom amount would go up by 0.5 bitcoin (more than $3,000) each day that Recipe Unlimited didn't pay.
Part of the ransom note reportedly sent to restaurants owned by Recipe Unlimited. (CBC News)
Maureen Hart, a spokesperson for Recipe Unlimited, denied to CBC News that it's being held ransom and said it "maintain[s] appropriate system and data security measures." She also downplayed the ransom note and said it's an easily searchable and generic note associated with Ryuk, ransomware which has
netted attackers at least $640,000 as a result of its targeted campaigns.
Recipe Unlimited indicated it's working to limit the inconvenience caused to staff and customers and is also collaborating with third-party security experts and internal teams to resolve issues stemming from the malware outbreak.
News of this attack follows several months after American restaurant chain PDQ
revealed it had suffered a data breach affecting customers’ payment card details at most of its locations.
