Subway reportedly hit by LockBit ransomware - but is it half-baked speculation?

"We exfiltrated their SUBS internal system which includes hundreds of gigabytes of data and all financial [aspects] of the franchise, including employee salaries, franchise royalty payments, master franchise commission payments, restaurant turnovers etc," LockBit stated. "We are giving some time for them to come and protect this data, if no[t], we are open to sell to competitors."

No comment

In other words, demands were sent Subway’s way, and the affiliate that breached it is now waiting for a response.

At the same time, Subway is giving everyone the silent treatment. Maybe the company tried to keep the news quiet, and maybe it wasn’t even aware of the attack until LockBit boasted about it.

"The biggest sandwich chain is pretending that nothing happened," the group apparently said. 

Subway has allegedly told media sources it is investigating the claims of the breach. If you were wondering how it could be possible that a company wasn’t aware of a ransomware attack (given its disruptive potential) - hackers have started skipping the encryption part and moving straight to the part where they steal the data.

This is a relatively new development that started occurring in the past couple of years. Apparently, building, developing, maintaining, and deploying ransomware on the target system became too cumbersome. Also, with companies getting better at backing up their data and defending from infections, in some instances insisting on the encryptor simply isn’t worth it. Instead, the threat actors would just steal the data and demand money in exchange for not leaking it to the public. 

More from TechRadar Pro

• A key part of Foxconn has been hit by the Lockbit ransomware
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now