Panera Bread, an American chain of quick meals eating places, almost certainly paid a ransom after being hit by a ransomware assault, suggests language used an inner e mail despatched to staff.
Final week, Panera started sending data breach notifications to staff, warning that menace actors stole private info in a March cyberattack that included names and social security numbers.
Whereas Panera has not publicly disclosed particulars about their assault, BleepingComputer first reported that Panera Bread suffered a ransomware assault that encrypted all of its digital machines.
The assault led to a week-long, company-wide disruption that affected their web site, telephone methods, cell app, point-of-sale, and inner methods.
BleepingComputer later discovered that considered one of their storage servers was not encrypted within the assault, permitting the corporate to rebuild and restore servers from backups.
Nevertheless, no ransomware gang ever claimed the assault or leaked stolen information, indicating {that a} ransom was paid.
Simply because the data breach notifications had been being emailed on Thursday, an alleged worker claimed on Reddit that Panera paid a ransom to have the hackers delete the stolen information and keep away from a public leak.
“This most likely is not going to make it far however simply bought out of a company assembly the place they broke to us that each one our information has been stolen since march and so they paid the hackers to “not launch” its staff information,” reads the Reddit thread by an alleged Panera worker.
The nameless worker additionally shared an inner e mail from Panera Senior Vice President KJ Payette, which backs up the ransom fee declare by stating that Panera obtained assurances that stolen information was deleted and wouldn’t be revealed.
“Please observe that we obtained assurances that the data concerned was deleted and won’t be revealed. As of now, there isn’t a indication that the data accessed has been made publicly accessible,” reads an inner Panera e mail despatched to staff.
Supply: Reddit
Throughout ransomware assaults, menace actors breach an organization after which quietly unfold all through its community whereas stealing company information. As soon as they achieve administrative privileges on the community, they deploy the encryptor to encrypt all gadgets.
The menace actors use the stolen information and encrypted information as leverage to pressure firms to pay a ransom, promising to ship a decryptor and delete any information that was stolen within the assault.
It’s extremely unlikely that Panera may obtain assurances that information was deleted and wouldn’t be revealed except it got here instantly from the menace actors after a ransom demand was paid.
Moreover, even when legislation enforcement had been capable of intercept the server internet hosting the information, there could be no manner of figuring out if a replica of the information was saved elsewhere by the menace actors.
Sadly, even paying a ransom doesn’t assure the whole deletion of stolen information, with previous incidents demonstrating that menace actors do not at all times preserve their promise and information was offered to different menace actors, leaked on information leak websites, or used to extort the corporate once more.
This was seen not too long ago with the BlackCat ransomware assault on United Healthcare when the corporate paid a $22 million ransom demand to obtain a decryptor and have stolen information deleted.
Nevertheless, after BlackCat stole the ransom fee with out paying the affiliate behind the assault, the affiliate mentioned they by no means deleted the information and once more extorted United Healthcare, stating that they might promote the information to different menace actors except one other fee was made.
To show they nonetheless held the information, the menace actors leaked samples on one other ransomware gang’s information leak web site, Ransom Hub. Ultimately, the information leak for United Healthcare disappeared from this information leak web site, indicating one other ransom was doubtless paid.
For that reason, ransomware negotiators have informed BleepingComputer prior to now that firms ought to by no means pay a ransom to delete stolen information, as there isn’t a assure this might be achieved.
BleepingComputer contacted Panera Bread to substantiate in the event that they paid the ransom however didn’t obtain a response.
