Subway, an American multinational fast-food restaurant franchise, has been targeted by the LockBit ransomware.
The gang claims to have exfiltrated hundreds of gigabytes of data and has given the company nearly two weeks to pay the ransom.
LockBit listed Subway as its victim on its data leak site on January 21st. It threatens to release the data if the criminals’ demands are not met by February 2nd.
The original post on its data leak site reads:
“The biggest sandwich chain is pretending that nothing happened. We exfiltrated their SUBS internal system which includes hundreds of gigabytes of data and all financial expects of the franchise, including employee salaries, franchise royalty payments, master franchise commission payments, restaurant turnovers etc. We are giving some time for them to come and protect this data, if no we are open to sell to competitors,” [sic] LockBit said.
It didn’t share any data samples as proof. Subway is aware of the claims.
“We are exploring the validity of the claim,” the company told Cybernews.
According to our own new tool, Ransomlooker, in 2023, a total of 66 active ransomware groups were identified and operating within the digital landscape. LockBit maintained its position at the top for the second consecutive year.
The group claimed responsibility for the highest number of victims, with 1009 incidents constituting nearly a quarter of all ransomware victims in 2023. This group primarily focused its attacks on the construction, manufacturing/industrial, and retail industries.
More from Cybernews:
Subscribe to our newsletter