Five Guys Hit by BlackCat/ALPHV Ransomware
Incident Date:
February 5, 2023
Overview
Title
Five Guys Hit by BlackCat/ALPHV Ransomware
Victim
Five Guys
Attacker
Alphv
Location
First Reported
February 5, 2023
The BlackCat/ALPHV Ransomware Attack on Five Guys
The BlackCat/ALPHV ransomware gang posted the popular burger chain Five Guys on its data leak site along with what was purported to be proof of sensitive data exfiltration as part of a Double Extortion scheme to incentivize payment of the ransom demand.
It is assessed that the threat actors may have accessed sensitive company data including banking information and payroll info, as well as recruiting data and other sensitive information. Attackers previously hit Five Guys that exposed employee data and subsequently led to a lawsuit against the fast food chain stemming from financial fraud associated with the data lost in the attack.
Takeaway:
The exfiltration of sensitive data means that even with a robust cyber resilience program and data backups to assist in recovery efforts, organizations face additional risk from the exposure of internal communications, trade secrets, R&D assets, intellectual property, and more, and that risk can extend to other organizations as the valuable information is leveraged in other criminal acts.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.