Canadian restaurant chain suffers country-wide outage after malware outbreak

Some restaurant locations were temporarily shut down due to the IT outage, others continued to serve customers.

A Canadian restaurant chain that operates over 20 restaurant brands has suffered a country-wide outage of its IT systems over the weekend in an incident it described as a "malware outbreak."

The company is Recipe Unlimited (formerly Cara Operations), which operates restaurant brands in North America, but mostly in Canada.

The mysterious malware outbreak happened last Friday, September 28. Not all restaurants were affected, only those operating under brands such as Swiss Chalet, Harvey's, Milestones, Kelseys, Montana's, Bier Markt, East Side Mario's, The Landing Group of Restaurants, and Prime Pubs, according to a press release the company shared with ZDNet.

The company says that as soon as it learned of the incident it immediately took a number of IT systems offline and suspended internet access to affected locations.

The immediate impact of this decision was that affected restaurants were unable to process credit and debit card transactions, something that several users complained about on social media [1, 2, 3, 4].

However, the situation appears to have been worse for a small number of affected locations, where, for reasons yet to be specified, central management decided to temporarily close the restaurants.

In a photo posted on Facebook on Monday, October 1, a note taped to one of the affected restaurant's doors blamed the IT outage on "a computer issue with the Head Office." The note also said that 1,400 restaurants were closed for the day because "the Head Office computer was hacked."

Similarly, an image of another note taped on another restaurant's door called the IT issues a "Canada wide outage," revealing details about the true scope of the incident.

Recipe Unlimited said it's working with third-party security experts and internal teams to resolve the issue.

"We maintain appropriate system and data security measures and as per standard operating procedures, conduct regular system back-ups to enable us to restore impacted systems," said the company.

It is unclear whether the incident involves ransomware, POS malware that steals payment card data, or something else. A Recipe Unlimited spokesperson did not return a phone call requesting more information about the malware attack before this article's publication.

UPDATE [October 3, 07:35 ET]: This incident has been confirmed as a ransomware infection. CBC has obtained a copy of the ransom note, which appears to be from the Ryuk ransomware.
