A malware outbreak was responsible for a network outage that affected a limited number of Recipe Unlimited restaurant locations.
On 1 October, Recipe Unlimited announced a malware attack of which it learned at the end of September. The Canadian restaurant chain owner and food distributor said in a statement that it responded by taking certain systems offline and suspending access at affected locations of the Swiss Chalet, Harvey’s, Milestones, Kelseys, Montana’s, Bier Markt, East Side Mario’s, The Landing Group of Restaurants and Prime Pubs brands. Recipe Unlimited said this decision caused some service delays and prevented affected restaurants from processing credit card and debit card transactions, though the company explained that all those locations could still manually process credit card transactions.
This clarification didn’t stop customers from voicing their complaints on Twitter.
Hi Joe, due to unforeseen circumstances, we are currently experiencing a system outage and would like to apologize for any inconvenience this may have caused. Our teams are working diligently to have this corrected as soon as possible!
— Montana's BBQ & Bar (@MontanasBBQ) September 30, 2018
Hello Lindsey! We apologize for the service you received. We are looking to correct the situation as soon as possible! We hope that you enjoy the rest of your weekend!
— Harvey's (@HarveysCanada) September 29, 2018
Hello! Unfortunately we are encountering issues and are looking into resolving them as soon as possible. Thanks for reaching out to us!
— Swiss Chalet (@SwissChaletCA) September 29, 2018
According to the statement, an additional number of affected restaurants decided to temporarily close due to the service issues. It’s unclear what this number was at the time of publication. One Facebook user posted a photo of a notice taped to the door of an East Side Mario’s location that says “1,400 of our restaurants are closed for the day. The head office computer was hacked.”
As of this writing, little was known about the malware responsible for the outages. CBC News reported that a ransom note appeared after the attack, stating that “there is a significant hole in the security of your company” and that “we’ve easily penetrated your network.” The authors of the note also reportedly wrote that the ransom amount would go up by 0.5 bitcoin (more than $3,000) each day that Recipe Unlimited didn’t pay.
Maureen Hart, a spokesperson for Recipe Unlimited, denied to CBC News that it’s being held ransom and said it “maintain[s] appropriate system and data security measures.” She also downplayed the ransom note and said it’s an easily searchable and generic note associated with Ryuk, ransomware which has netted attackers at least $640,000 as a result of its targeted campaigns.
Recipe Unlimited indicated it’s working to limit the inconvenience caused to staff and customers and is also collaborating with third-party security experts and internal teams to resolve issues stemming from the malware outbreak.
News of this attack follows several months after American restaurant chain PDQ revealed it had suffered a data breach affecting customers’ payment card details at most of its locations.