Crumbl, the North American gourmet cookie shop chain, has allegedly been breached by the Everest ransomware group, exposing thousands of the cookie-maker’s employee files.
-
The popular Crumbl cookie company has been claimed by the Everest ransomware group.
-
The ransomware gang has given the company less than a week to make contact before it threatens to leak the data of 29,000 Crumbl employees.
-
The Everest group has stepped up its number of attacks since May, including a data breach targeting Coca-Cola, which also led to the leak of over 1000 of the soft drink maker's employees.
Everest posted the North American cookie franchise on its dark leak site on Wednesday, along with two file samples that appear to be from an employee database.
“The leak of your internal company documents contains a huge variety of personal documents and information of employees,” Everest wrote on its blog, along with a list of information it claims it has on the company’s over 29,0000 employees.
Headquartered in Utah, the niche dessert corporation boasts over 1,000 stores and has locations in all 50 states, Canada, and Puerto Rico, according to its website.
The two samples, which Cybernews was able to look at, appear to contain various details about employees, including names, phone numbers, personal email addresses, official job titles, birthdates, and images of the employees.
Everest claims the files also contain each store ID#, the employee's user id, whether the employee works for Crumbl’s corporate office or franchises, and the crew members' FCM Authentication token IDs.
In a ransomware twist, Everest, instead of leaving a typical plaintext ransom note for Crumbl’s security experts to find on the compromised systems – the group has only left what appears to be a voice message for whoever is in charge of handling the negotiations.
“Company representative should follow the instructions to contact us before time runs out,” the group wrote, posting a countdown deadline for the Crumbl representative to make contact and purportedly fork over an undisclosed ransom demand.
Everest says “the recording will be available through:” the deadline, which shows roughly four days left on the clock as of Friday.
Crumbl was founded in 2017 by two cousins, and since then, it has seen its annual revenue rise to an estimated $1.2 billion, or roughly $1.16 million per store based on a reported 571 locations in 2023, CNBC reports.
The company, a fan favorite among celebrities and influencers, is known for its iconic pink Crumbl packaging, and serves an average of one million-plus desserts per day.
Cyberbews has reached out to Crumbl's corporate offices and is awaiting a response at the time of this report.
Who is the Everest gang?
The Russian-linked Everest gang first emerged on the scene in July 2021.
According to Cybernews’ dark web tracker Ransomlooker, the gang has listed 248 victims since 2023, with 90 victims in the past 12 months, including a recent spate of attacks targeting the Middle East.
“Everest is quite bold in their targeting and doesn’t hesitate to go after sensitive sectors, government agencies, and hospitals,” Martin Vigo, lead security researcher at AppOmni, told Cybernews in May.
According to Vigo, the group has shifted its tactics over the years, relying less on encryption to lock down systems and more on stealing and leaking data, using their dark leak site as a “pressure mechanism.”
"Victims are publicly named, and partial datasets are published to demonstrate the seriousness of the breach. This creates reputational and legal pressure, particularly for high-profile targets, and increases the likelihood of a payout.” Vigo said.
Believed to be connected to the BlackByte ransomware group, on May 22nd, Everest set its sights on Coca-Cola’s Middle East division, eventually leaking the data of nearly 1000 employees from the company’s multiple distribution centers scattered throughout the region.
Seemingly part of a broader attack on Coca-Cola Europacific Partners, the world’s largest Coca-Cola bottler, the ransomware group also reportedly made away with an alleged 23 million records.
Just days after the attack on Coca-Cola, Everest claimed the prominent international private hospital Mediclinic, which has locations in the UAE, the Abu Dhabi Department of Culture and Tourism, and the Jordan Kuwait Bank (JKB) on May 26th.
The gang was also behind the October 2022 attack on AT&T, offering alleged access to the entire AT&T corporate network and the Radisson Country Inn and Suites hotel chain in fall 2024.
Your email address will not be published. Required fields are markedmarked