Russia-linked hacker gang claims ransomware attack on McDonald's

Russia-linked hacker gang claims ransomware attack on McDonald’s as feds issue ‘shields up’ alert for ALL American companies to ‘prepare for disruptive cyber activity’

  • Hacker gang Snatch on Friday claimed to have stolen 500 GB from McDonald’s
  • The ransomware group's members all appear to be Russian-speaking, experts say
  • It could be the opening salvo in Russian cyber retaliation against the US
  • CISA issued a ‘shields up’ alert to all US organizations over potential attacks 

A ransomware group linked to Russia has claimed a cyberattack on McDonald’s Corporation, as federal officials warn of potential widespread targeting of US businesses after Russia’s unprovoked invasion of Ukraine.

The hacker gang Snatch on Friday claimed to have stolen 500 gigabytes of data from the fast-food giant headquartered in Chicago, posting their demand for an undisclosed ransom on the dark web.

A McDonald’s spokesperson did not immediately respond to a request for comment from

The iconic company, which signifies America’s economy and culture around the world with more than 38,000 locations in 100 countries, has a market capitalization of $186 billion.

The purported McDonald’s breach comes as the US Cybersecurity and Infrastructure Security Agency issues a ‘shields up’ alert to all American businesses and organizations, urging them to take measures to protect themselves from potential Russian cyberattacks.

The hacker gang Snatch on Friday posted files to the dark web, claiming to have stolen 500 gigabytes of data from McDonald’s

The group behind the Snatch ransomware refer to themselves as the ‘Snatch Team’ and all appear to be Russian-speaking, according to a 2019 report from security firm Sophos.  

The report said that the group behind the ransomware appeared to have been active since the summer of 2018, though they have maintained a fairly low profile, executing few headline-making breaches.

The malware used by the hacker gang is highly sophisticated, and operates by rebooting victim computers in Safe Mode, in which most security measures are deactivated. 

Russia maintains a sophisticated cyber offensive capability, both through state-controlled cyberwarfare teams and criminal gangs that seem to operate with state approval, as long as they only target Western victims. 

In the immediate lead-up to Vladimir Putin’s invasion of Ukraine, there were massive and widespread cyberattacks on Ukrainian government websites and infrastructure.

Now, US officials warn that Russia could pursue similar tactics against the US and European allies in retaliation for the punishing sanctions they have imposed.

‘Russia’s unprovoked attack on Ukraine, which has been accompanied by cyber-attacks on Ukrainian government and critical infrastructure organizations, may have consequences for our own nation’s critical infrastructure, a potential we’ve been warning about for months,’ CISA said in its ‘shields up’ alert. 

The US Cybersecurity and Infrastructure Security Agency issued a ‘shields up’ alert to all American businesses and organizations this week

‘Every organization—large and small—must be prepared to respond to disruptive cyber activity,’ CISA said in the alert. 

‘While there are no specific or credible cyber threats to the U.S. homeland at this time, we are mindful of the potential for Russia’s destabilizing actions to impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies,’ the agency said. 

Experts warned that criminal hacker gangs in Russia, which frequently appear to operate with tacit government approval, now seem to be backing Putin in his confrontation with the West. 

‘Russia-linked cybercriminals appear, unsurprisingly, to be supporting Russia,’ Brett Callow, a threat analyst with cybersecurity firm Emsisoft, told

‘While some of their threats may be idle – they likely don’t have the ability to pick off critical infrastructure at will – this is nonetheless a good time for all organizations to ensure their shields are fully up,’ he added.

‘It’s a volatile and unpredictable situation.’

US organizations are urged to report any cyber incidents or anomalous activity to CISA at [email protected] or 888-282-0870.  
