The Subway restaurant chain, creator of the Sweet Onion Teriyaki combo and slinger of sports-themed fast-casual sandwich deals, is investigating claims that the LockBit 3.0 ransomware gang was able to toast up its infrastructure.
LockBit claims that it will put the information up for sale on Feb. 2 unless the ransom is paid.
For its part, Subway didn't unwrap what it thought about the claims until this week, when the company issued private statements to media that it's actively investigating LockBit's claims, but it has not yet provided any assessments or findings.
One thing's certain - going after such a big hoagie of a target is out of character for the LockBit gang if true, the Subway hit could signal a change in its modus operandi.
Black Kite estimates that LockBit enjoyed about a fifth of global ransomware market share last year, claiming more than 1,000 victims.
That's a number that dovetails with other estimates; a ransomware stats report this week from ZeroFox, for example, found that LockBit accounted for more than 35% of total extortion attacks in early 2023 - peaking at almost 50% last February and 20% in the fourth quarter.
Implement secure password policies and multifactor authentication.
Configure ongoing monitoring for compromised account credentials.
Proactively monitor for compromised accounts being brokered in deep and Dark Web forums.
Back up critical, proprietary, or sensitive data to secure, off-site, or cloud servers.
Implement email protections like DMARC. Keep versions and patching up-to-date.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 23 Jan 2024 20:55:16 +0000