Subway reportedly hit by LockBit ransomware - but is it half-baked speculation?

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

Subway has allegedly suffered a data breach at the hands of none other than the notorious LockBit ransomware gang.

According to The Register, the ransomware-as-a-service provider added the sandwich makers to its data leak site earlier this week after one of its affiliates made away with gigabytes of sensitive data.

"We exfiltrated their SUBS internal system which includes hundreds of gigabytes of data and all financial [aspects] of the franchise, including employee salaries, franchise royalty payments, master franchise commission payments, restaurant turnovers etc," LockBit stated. "We are giving some time for them to come and protect this data, if no[t], we are open to sell to competitors."

No comment

In other words, demands were sent Subway’s way, and the affiliate that breached it is now waiting for a response.

At the same time, Subway is giving everyone the silent treatment. Maybe the company tried to keep the news quiet, and maybe it wasn’t even aware of the attack until LockBit boasted about it.

"The biggest sandwich chain is pretending that nothing happened," the group apparently said. 

Subway has allegedly told media sources it is investigating the claims of the breach. If you were wondering how it could be possible that a company wasn’t aware of a ransomware attack (given its disruptive potential) - hackers have started skipping the encryption part and moving straight to the part where they steal the data.

This is a relatively new development that started occurring in the past couple of years. Apparently, building, developing, maintaining, and deploying ransomware on the target system became too cumbersome. Also, with companies getting better at backing up their data and defending from infections, in some instances insisting on the encryptor simply isn’t worth it. Instead, the threat actors would just steal the data and demand money in exchange for not leaking it to the public. 

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.