KFC, Pizza Hut parent shuts UK restaurants after cyber attack

Yum! Brands, the organisation behind iconic restaurant and fast food franchises including KFC, Pizza Hut and Taco Bell, was forced to close approximately 300 outlets across the UK on Wednesday 18 January following a ransomware attack by an as-yet unspecified group.

The US-based restaurant operator said that on detecting the incident, it implemented planned response protocols, deployed containment measures to prevent the malware spreading – including taking certain systems offline – and implemented enhanced monitoring for further activity.

In a statement, it said it had also begun an investigation, engaged cyber security forensics and notified law enforcement in the US.

“Less than 300 restaurants in the United Kingdom were closed for one day, but all stores are now operational,” said a company spokesperson.

“The company is actively engaged in fully restoring affected systems, which is expected to be largely complete in the coming days.

“Although data was taken from the company’s network and an investigation is ongoing, at this stage there is no evidence that customer databases were stolen.

“While this incident caused temporary disruption, the company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results,” they said.

Rapid7 senior vice-president and chief scientist Raj Samani commented: “Whilst it’s premature to see the full extent of the ransomware attack, targeting the availability of systems is a tactic that has been extremely popular among threat actors over the past couple of years.

“We saw it last week with the attack on Royal Mail, and even though it seems that Yum! Brands was able to able to quickly recover operationally, businesses being closed and operations unavailable, particularly across 300 stores, can have significant financial and reputational impact.

“On a positive note, Yum! Brands confirmed there was no evidence customer databases were stolen. However, from our own research we know that other file categories are often stolen by threat actors – for example, finance and accounting files, which is included in 63% of ransomware data disclosures,” said Samani.

“As the investigation continues, we would encourage the sharing of indicators of the attack such that it can benefit the defences of other organisations to mitigate future incidents targeting other companies,” he added.

The Yum! Brands incident joins a growing list of ransomware victims so far in 2023, demonstrating that there has been no let-up in attack volumes.

Some of the more high-profile UK victims have included Royal Mail, which is recovering its international export services following a suspected LockBit attack, and The Guardian newspaper, which was hit just before Christmas and is still dealing with the impact a month on.

Other victims to be disclosed so far this year include a number of UK schools and universities, which were collectively hit by the Vice Society ransomware operation, while last December’s attack on Rackspace, which disrupted hosted Exchange services for thousands, was revealed this month to be the work of the Play ransomware group.

Read more on Hackers and cybercrime prevention

• 
  

  LockBit gang confirms Ion cyber attack as disruption continues

  

  By: Alex Scroxton

• 
  

  Suspected LockBit ransomware attack causes havoc in City of London

  

  By: Alex Scroxton

• 
  

  Arnold Clark customer data was stolen in Play ransomware attack

  

  By: Alex Scroxton

• 
  

  Data of 10 million JD Sports customers accessed in cyber attack

  

  By: Alex Scroxton