Subway launches investigation after LockBit claims data theft

LockBit says Subway 'is pretending that nothing happened'

LockBit marked Subway as its latest victim on its data leak site on 21st January, giving Subway a limited timeframe to protect the compromised data or face the potential sale of the stolen information to competitors.

LockBit's message on the Tor leak site suggests a breach of Subway's SUBS internal system, resulting in the theft of hundreds of gigabytes of data, including employee salaries, master franchise commission payments, franchise royalties, restaurant turnovers, and more.

"The biggest sandwich chain is pretending that nothing happened," LockBit stated in a post on its leak site.

"We exfiltrated their SUBS internal system which includes hundreds of gigabytes of data and all financial expects of the franchise including employee salaries, franchise royalty payments, master franchise commission payments, restaurant turnovers etc. We are giving some time for them to come and protect this data, if no we are open to sell to competitors."

The ransom demand must be met by 2nd February.

As the countdown to the data leak deadline ticks away, Subway has not disclosed the specific ransom demand made by the LockBit group, and the company's website appears operational, showing no immediate signs of the reported breach.

Subway has confirmed its awareness of the situation and says it is actively investigating the claims made by LockBit.

The company emphasised its commitment to ensuring the security of its systems and the protection of sensitive information.

The uncertainty surrounding the incident is reminiscent of a recent cyberattack on Yum! Brands, the parent firm of KFC, Pizza Hut, The Habit Burger Grill and Taco Bell, where nearly 300 restaurants in the UK were affected by a ransomware attack.

Yum! Brands swiftly responded by temporarily shutting down affected restaurants and reassuring customers that personal data had not been compromised.

LockBit, a notorious hacking group, is known for its tactic of deploying ransomware to lock victim organisations' systems and simultaneously stealing sensitive data for extortion purposes.

Since its emergence in January 2020, LockBit has been accountable for more than 1,700 attacks targeting US organisations, the US Cybersecurity and Infrastructure Security Agency (CISA) said in June last year.

What raises particular concern about this group is the substantial amount it has amassed through ransom payments from US entities, an amount thought to total approximately $91 million.

LockBit is probably one of the best known examples of Ransomware-as-a-Service (RaaS), wherein affiliates are enlisted to execute ransomware attacks using LockBit's tools and infrastructure, according to CISA.

The operation involves a multitude of unconnected affiliates, leading to significant variations in observed tactics, techniques, and procedures (TTPs) in LockBit ransomware attacks. This variance in TTPs poses a considerable challenge for organisations striving to uphold network security and defend against the looming threat of ransomware.