Cyber Incident Victim: Recipe Unlimited
Date: Sep 2018
Location: Canada
Summary
A Canadian restaurant conglomerate experienced a widespread malware outbreak impacting numerous brands, causing a nationwide IT outage that forced temporary closures at some locations and disrupted credit/debit card processing at others. The incident led to operational paralysis across affected establishments, with social media reports corroborating payment system failures. The company engaged third-party security experts and internal teams to restore systems, citing existing backups as part of recovery efforts. While initial details were unclear, the event was later confirmed as a ransomware attack involving the Ryuk variant, evidenced by a recovered ransom note. The malware's propagation specifically targeted certain subsidiaries within the organization's portfolio.
Description
On September 28, 2018, Recipe Unlimited (formerly Cara Operations), a major Canadian restaurant chain, experienced a widespread malware outbreak that disrupted operations across multiple brands. The incident primarily affected locations operating under Swiss Chalet, Harvey's, Milestones, Kelseys, Montana's, Bier Markt, East Side Mario's, The Landing Group of Restaurants, and Prime Pubs. The malware infection caused a country-wide IT outage, preventing affected restaurants from processing credit and debit card transactions. This payment system failure prompted customer complaints across social media platforms as patrons encountered difficulties completing purchases. While many locations continued serving customers with alternative payment methods, central management temporarily closed approximately 1,400 restaurants on October 1 due to the severity of the IT disruption. Physical notices posted at affected locations attributed the closure to a hacked head office computer system, confirming the incident's nationwide scope. The technical disruption extended beyond payment processing, though specific details about compromised systems or data were not disclosed by the company during initial reports.

Recipe Unlimited responded by engaging third-party security experts and internal teams to address the infection, emphasizing their existing security measures and regular system backup procedures to facilitate restoration. The company's October 2 statement did not confirm the malware type, leaving open possibilities including ransomware or payment card-stealing POS malware. Subsequent verification on October 3 identified the incident as a Ryuk ransomware attack after CBC obtained a copy of the ransom note. The infection caused operational interruptions lasting several days, with some locations remaining closed while others operated with limited transaction capabilities. The company did not publicly disclose whether data exfiltration occurred, whether ransom demands were paid, or the full extent of financial losses from the closures and recovery efforts.
