Russian-linked hacker gang claims ransomware attack on McDonald’s

Russian-Linked Hacking Gang Launches Ransomware Attack on McDonald’s: CISA Issues ‘Shields Up’ Alert to ‘All American Businesses’ to ‘Prepare for Disruptive Cyber Activity’

  • On Friday, the Snatch hacker gang claimed to have stolen 500GB from McDonald’s
  • Ransomware group appears to be all Russian-speaking, experts say
  • This could be the first salvo of Russian cyber-retaliation against the United States
  • CISA has issued a “shields up” alert to all US organizations over potential attacks

A Russian-linked ransomware group has claimed responsibility for a cyberattack on McDonald’s Corporation, as federal officials warn of potential widespread targeting of US companies following Russia’s unprovoked invasion of Ukraine.

On Friday, the Snatch hacker gang claimed to have stolen 500 gigabytes of data from the Chicago-headquartered fast food giant, posting its undisclosed ransom demand on the dark web.

A McDonald’s spokesperson did not immediately respond to a DailyMail.com request for comment.

The iconic company, which represents the American economy and culture worldwide with more than 38,000 locations in 100 countries, has a market capitalization of $186 billion.

The alleged McDonald’s breach comes as the US Cybersecurity and Infrastructure Security Agency issues a ‘shields up’ alert to all US businesses and organizations, urging them to take action to protect themselves from a possible Russian cyberattack.

The Snatch hacker gang released files on the dark web on Friday claiming to have stolen 500 gigabytes of data from McDonald’s

McDonald's is an iconic American company headquartered in Chicago.  It has over 38,000 locations in 100 countries and a market capitalization of $186 billion.

The group behind the Snatch ransomware calls itself “the Snatch team” and all appear Russian-speaking, according to a 2019 report by security firm Sophos.

The report says the group behind the ransomware appears to have been active since the summer of 2018, although it has maintained a fairly low profile, executing few headline-grabbing breaches.

The malware used by the hacker gang is very sophisticated and works by rebooting victims’ computers into safe mode, in which most security measures are disabled.

Russia maintains a sophisticated cyberoffensive capability, both through state-controlled cyber warfare teams and criminal gangs that appear to operate with state approval, as long as they only target Western victims.

Just prior to Vladimir Putin’s invasion of Ukraine, there were massive and widespread cyberattacks on Ukrainian government websites and infrastructure.

Now a US official is warning that Russia may pursue similar tactics against US and European allies in retaliation for punitive sanctions they have imposed.

“Russia’s unprovoked attack on Ukraine, which has been accompanied by cyberattacks on the Ukrainian government and critical infrastructure organizations, could have consequences for our own country’s critical infrastructure, a potential that we have been warning about for months,” CISA said in its ‘shields up’ alert.

The US Cybersecurity and Infrastructure Security Agency this week issued a “shields up” alert to all US businesses and organizations.

“Every organization, large or small, must be prepared to respond to disruptive cyber activity,” CISA said in the alert.

“While there are no specific or credible cyber threats to the U.S. homeland at this time, we are aware of the potential for Russia’s destabilizing actions to impact organizations inside and outside the region, particularly in the wake of sanctions imposed by the United States and our allies,” the agency said.

Experts have warned that criminal hacker gangs in Russia, which often appear to operate with tacit government approval, now appear to support Putin in his confrontation with the West.

“Russian-linked cybercriminals appear, unsurprisingly, to support Russia,” Brett Callow, threat analyst at cybersecurity firm Emsisoft, told DailyMail.com.

“While some of their threats may be inactive – they likely lack the ability to detect critical infrastructure at will – it is nonetheless a good time for all organizations to ensure their shields are fully up,” he added.

“It’s a volatile and unpredictable situation.”

U.S. organizations are encouraged to report any cyber incidents or abnormal activity to CISA at [email protected] or 888-282-0870.