Subway, the sandwich fast food franchise, may be the latest victim of Lockbit, one of the world’s most notorious ransomware groups.
According to The Register and CyberNews, Subway was listed on Lockbit’s data leak website on Monday, with the ransomware group claiming one of its affiliates had scooped up hundreds of gigabytes of sensitive internal company data.
Is Subway hiding a major data leak?
Lockbit published a blog post alleging that the sandwich chain was trying to hide the data leak, which includes “all financial aspects” of the company.
“The biggest sandwich chain is pretending that nothing happened,” the Lockbit penned post reads. “We exfiltrated their SUBS internal system which includes hundreds of gigabytes of data and all financial aspects of the franchise, including employee salaries, franchise royalty payments, master franchise commission payments, restaurant turnovers etc. We are giving some time for them to come and protect this data, if not we are open to sell to competitors.”
As the ransomware group states, they are giving Subway time to respond to the data leak. Of course, this isn’t out of the kindness of their hearts. This is a major aspect of what ransomware entails. Lockbit is likely giving Subway some time to give in to their affiliate’s demands.
Based on LockBit’s previous ransoms, The Register estimates that the cybercriminals are likely looking for tens of millions of dollars from Subway.
Lockbit did not provide any additional information about the purported Subway data leak. It remains uncertain whether ransomware was employed, if the affiliate discovered a vulnerability, or if the data was acquired through alternative means.
A Subway spokesperson provided a statement to Mashable’s sibling-site PCMag, which simply stated that Subway is “exploring the validity of the claim.”
Lockbit özgü given Subway a deadline of Feb. 2 to respond before it releases the stolen data.