Recent reports show that the food retail company in Canada, Sobeys, has been hit with a cyberattack that impacted its IT infrastructure. The attack initially targeted the firm’s owned grocery chains and pharmacies, allegedly conducted by the BlackBasta ransomware group.
The Canadian food retail company released a statement about the incident, revealing that some of their services were disrupted. However, its grocery stores remain operational to serve customers, especially those not affected by the attack.
Sobeys also admitted that its pharmacies are experiencing technical issues due to the incident, although they assured of remaining committed to the continuous care of all pharmacy patients.
The food retail company is working to resolve the issues caused by the cyberattack.
While all of Sobey’s stores remained open and operational despite the attack, the food retail company said that all of its computers were locked out in affected stores. However, some working computers, including POS systems, are still used for continuous operations.
Sobeys has not yet commented on giving further details regarding the attack incident. Meanwhile, separate security groups shared that they have received confidential intelligence about the attack on Sobeys, attributing it to the BlackBasta ransomware group.
Based on these independent analyses, the alleged threat group responsible for the attack sent the food retail company a ransom note to negotiate the payment in exchange for the compromised data’s safety from being leaked.
Ransomware payloads have also been allegedly deployed on Sobey’s IT networks to encrypt its databases. Additionally, some photos shared by Sobeys’ staff on the internet showed their stores’ computers displaying a ransom note from the BlackBasta threat group.
First detected in April 2022, the BlackBasta ransomware group performs cyberattacks similar to other ransomware actors, encrypting the data of their targeted victims and asking for millions of dollars in exchange for a decryptor and not leaking the stolen data on the dark web.
Security analysts also believe that BlackBasta does not operate as a new group but as a rebrand of an old one that previously shut down. This presumption is due to the observed negotiating style of the gang and their ability to quickly victimised targets as if they were high-level cybercriminals.
