Hackers demand bitcoin ransom in cyberattack on big Canadian restaurants

A Canadian company that owns many popular restaurant chains has been told to pay ransom in bitcoin to retrieve data that hackers claim to have stolen.

On Monday, Recipe Unlimited formerly Cara Operationssaid it was hit with a "malware outbreak" that's affectingoperations at a"limited number" of itsrestaurantsincludingbrandsSwiss Chalet, Harvey's, Milestones, Kelseys, Montana's, Bier Markt, and East Side Mario's.

Severallocations have temporarily closedas a result.

Following the cyberattack on Friday, a ransom letter popped upon computersat multiplerestaurants owned by the company, some employees said.

"All of our computer systems crashed," said aworkeron shift at the time at an affected location. "The ransom note appeared under the file, 'read me'in a WordPad format.We were all really in a state of shock."

CBCNews has agreed to keep employees' names and work locations confidential because they fear repercussions from their employer for speaking publicly about the incident.

The ransomnote, obtained by CBC News, informs Recipe Unlimited that"there is a significant hole in the security of your company" and that "we've easily penetrated your network."

The hackers claim that they "crypted"the company's files "with the strongest military algorithms" and that, in order to restorethe data, the company must pay an unspecified amount in bitcoin.

"The final price depends on how fast you write us," said the message, adding that every day of delay will cost 0.5 bitcoin,more than $4,000Cdn.

"There's a big difference between malware and ransomware, andthis is ransomware," said anotheremployee at an affected location.

"It's, 'We're taking all of your information and holding it hostage.'"

Company downplays the letter

Recipe Unlimiteddenies it's being held ransom, because it conducts regular system backups to protect its files. "We maintain appropriate system and data security measures," said spokesperson Maureen Hart in an email.

She also downplayed the letter, sayingthat it'sa "generic" statement associated with a virus called Ryuk, and that exact copies of the ransom note can be found via a Google search.

CBCNews found similar versions of the letter online, as well as a recentblog about Ryukwritten by international cybersecurity companyCheck Point Research.

It said that in August, Ryukattacked various companies worldwide and that "some organizations paid an exceptionally large ransom to retrieve their files," netting the hackers more than $640,000 US so far.

Check Point also said Ryukmay be connected to a cyber operation in North Korea.

Recipe Unlimited declined to provide an update on when itscomputer problem would be resolved orthe number of restaurants impacted. While multiplelocations remain closed, a number of others cannot process debit and credit card transactions or accept online takeout orders.

Meanwhile, theransom threat remains a concern forsome employees who worry about hackers getting their personal information fromthe company's computer system.

"There's no communication as far as what these people have and what they're doing with it," said one worker."Do we need to be contacting our banks and stuff like that?"

Another employeesaid he has received no information from Recipe Unlimited about the cyberattack, and he wantsmore details.

"We're basically the front line for them, and we don't really know what's going on," he said. "Staff has been left in the dark."

SpokespersonHart said the companyhas been in constantcommunication with affectedrestaurants and franchise owners, and employees shouldn't be worried.

"We have no indication that this limited malware incident has resulted in any data breach," she said.

Recipe Unlimited franchises and/or operates more than 1,000 restaurants, mainly in Canada.