
A ransomware gang claims it has stolen nearly a terabyte of McDonald’s data in India and is counting down to a public leak.
The notorious Russia-linked ransomware gang that last year froze European airports has expanded its list of victims. A notice posted on the dark web on January 20th indicates that the newest target of the Everest Group might be fast-food giant McDonald's.
According to the gang, attackers exfiltrated roughly 861GB of internal data tied to McDonald’s local business in India.
“Personal data of your customers and internal documents were leaked into our storage. The leak of your internal company documents contains a huge variety of personal documents and information of clients,” claims the gang in the post.
Publicly naming a victim is a standard extortion tactic meant to pressure it into paying a ransom. If negotiations fall apart, ransomware gangs often put the stolen data up for sale or publicly release it to cause reputational damage to their victims.
According to the gang’s own countdown, two days remain before it publishes a full file list of the allegedly stolen McDonald’s data, with a complete release scheduled nine days later. If no deal is reached, it is very likely that Everest will publish the data online. Last year, the gang claimed to have attacked Coca-Cola, later dumping a dataset with sensitive employee data.
To back up its attack claims against McDonald’s, the Everest Group published a set of data samples. Those samples include what appear to be customer and employee personal data, contact details, and screenshots of internal financial reports showing accumulated profits over time.
Cybernews researchers who reviewed the samples say the documents shown so far appear to be older.
“Most of these allegedly breached documents may be dated between 2017 and 2019,” our team said.
“Even so, exposure of personal data still creates a real risk of social engineering and fraud for affected individuals.”
From a corporate perspective, exposing internal financial and operational documents could offer insights that businesses would rather keep out of criminal hands.
Cybernews has contacted McDonald’s India to verify the claims and clarify the scope of the alleged breach but has not yet received a response.
The gang also froze European airports
The Everest Group has been an active player in the ransomware field. According to Cybernews' in-house surveillance tool, Ransomlooker, the gang has listed 337 victims since 2023, including many well-known names.
The most disruptive attacks conducted by the gang last year affected the aviation sector. It listed Air Miles España, a company operating Spain’s leading loyalty program, Travel Club.
The attackers claimed to have exfiltrated 131GB of data, including millions of customer records such as names, emails, account IDs, demographics, activity data, and marketing information.
Everest also took credit for an attack on the Spanish airline Iberia. Apart from stealing customer data, the gang claimed it had gained “long-term, unfettered access” to all bookings, with the ability to view and edit them.
The Everest Group targeted aviation giant Collins Aerospace. The company’s MUSE check-in software is used by several major European airports to manage check-in and boarding systems. A devastating attack on the company’s systems froze European airports.
The group ultimately released 23GB of data allegedly belonging to Collins Aerospace on the dark web.