What is thought to have been a Ryuk ransomware attack on Recipe Unlimited, a group of some 1,400 restaurants in Canada and North America, has forced the chain to shutdown computers and temporarily close the doors of some of its restaurants while IT teams try to address the attack.

Recipe Unlimited, previously known as Cara Operations, operates pubs and restaurants under many different titles, including Harvey’s, Swiss Chalet, Kelseys, Milestones, Montana’s, East Side Mario’s, Bier Markt, Prime Pubs, and the Landing Group of Restaurants. All of these  pub and restaurant brands have been impacted by the Recipe Unlimited ransomware attack.

While only a relatively small number of restaurants were forced to close, the IT outage caused widespread issues, stopping the restaurants that remained open from taking card payments from customers and using register systems to complete orders.

While it was at first unclear what caused the outage, a ransomware attack on Recipe Unlimited was later confirmed. A staff member at one of the impacted restaurants provided CBC News with a copy of the ransom note that had appeared on the desktop of one of the infected computers.

The ransom note is the same sent by the threat actors behind Ryuk ransomware. They say that files were encrypted with “military algorithms” which cannot be decrypted without a key that is only available from them. While it is unclear exactly how much the hackers asked for payment to decrypt files, they did threaten to increase the cost by 0.5 BTC (Approx. $4,000 CAD) per day until contact was made. The Recipe Unlimited ransomware attack is thought to have taken place on September 28. Some restaurants remained closed on October 1.

The ransomware attack on Recipe Unlimited is just one of the recently witnessed attacks involving Ryuk ransomware. The hackers are understood to have gathered more than $640,000 in ransom payments from companies who have had no other option other than to pay for the keys to unlock their files. The ransomware attack on Recipe Unlimited did not push up that total, as Recipe Unlimited conducted regular backups and expects to be able to restore all systems and data, although naturally that will take some time.

Ransomware attacks on restaurants, businesses, healthcare suppliers, and cities are extremely common and can be incredibly costly to address. The recent City of Atlanta ransomware attack caused widespread disruption due to the massive scale of the attack, involving thousands of computers.

The cost of addressing the attack, including making upgrades to its systems, is likely to cost around $17 million, according to estimates from city officials. The Ransomware attack on the Colorado Department of Transportation is estimated to cost $1.5 million to resolve.

There is no straightforward solution that will block ransomware attacks, as many different vectors are used to download the malicious file-encrypting software. Preventing ransomware attacks requires defense in depth and multiple software solutions.

Spam filtering solutions should be used to stop email delivery of ransomware, web filters can be set up to prevent access to malicious websites where ransomware is downloaded, antivirus solutions may detect infections in time to block attacks, and intrusion detection systems and behavioral analytics solutions are useful to quickly identify an attack in progress and limit the harm inflicted.

All operating devices and software must be kept fully up to date, strong passwords should be implemented, and end user must receive training to make them aware of the danger posed by ransomware. They should be trained in security best practices and trained how to identify threats. Naturally, robust backup policies are necessary to ensure that in the event of disaster, files can be rescued without having to meet the ransom demand.