Skip to content

Hackers demand bitcoin ransom in cyberattack on big Canadian restaurants


Recipe Unlimited says there's no ransom threat because its systems are secure

On October 3rd, 2018, CBC News reported a Canadian company that owns many popular restaurant chains has been told to pay ransom in bitcoin to retrieve data that hackers claim to have stolen. On Monday, Recipe Unlimited — formerly Cara Operations — said it was hit with a "malware outbreak" that's affecting operations at a "limited number" of its restaurants including brands Swiss Chalet, Harvey's, Milestones, Kelsey's, Montana's, Bier Market, and East Side Mario's. Several locations have temporarily closed as a result. 



Following the cyberattack on Friday, a ransom letter popped up on computers at multiple restaurants owned by the company, some employees said. "All of our computer systems crashed," said a worker on shift at the time at an affected location. "The ransom note appeared under the file, 'read me' in a WordPad format. We were all really in a state of shock." CBC News has agreed to keep employees' names and work locations confidential because they fear repercussions from their employer for speaking publicly about the incident.

The ransom note, obtained by CBC News, informs Recipe Unlimited that "there is a significant hole in the security of your company" and that "we've easily penetrated your network." The hackers claim that they "crypted" the company's files "with the strongest military algorithms" and that, in order to restore the data, the company must pay an unspecified amount in bitcoin. "The final price depends on how fast you write us," said the message, adding that every day of delay will cost 0.5 bitcoin, more than $4,000 Cdn. "There's a big difference between malware and ransomware, and this is ransomware," said another employee at an affected location. "It's, 'We're taking all of your information and holding it hostage.'"


Recipe Unlimited denies it's being held ransom, because it conducts regular system backups to protect its files. "We maintain appropriate system and data security measures," said spokesperson Maureen Hart in an email.

She also downplayed the letter, saying that it's a "generic" statement associated with a virus called Ryuk, and that exact copies of the ransom note can be found via a Google search.

CBC News found similar versions of the letter online, as well as a recent blog about Ryuk written by international cybersecurity company Check Point Research.

It said that in August, Ryuk attacked various companies worldwide and that "some organizations paid an exceptionally large ransom to retrieve their files," netting the hackers more than $640,000 US so far. 

Check Point also said Ryuk may be connected to a cyber operation in North Korea.


Recipe Unlimited declined to provide an update on when its computer problem would be resolved or the number of restaurants impacted. While multiple locations remain closed, a number of others cannot process debit and credit card transactions or accept online takeout orders.

Meanwhile, the ransom threat remains a concern for some employees who worry about hackers getting their personal information from the company's computer system. 

"There's no communication as far as what these people have and what they're doing with it," said one worker. "Do we need to be contacting our banks and stuff like that?"

Another employee said he has received no information from Recipe Unlimited about the cyberattack, and he wants more details. "We're basically the front line for them, and we don't really know what's going on," he said. "Staff has been left in the dark." Spokesperson Hart said the company has been in constant communication with affected restaurants and franchise owners, and employees shouldn't be worried. "We have no indication that this limited malware incident has resulted in any data breach," she said. 

Recipe Unlimited franchises and/or operates more than 1,000 restaurants, mainly in Canada.

The views expressed in this document are solely the views of the author(s). This document is intended for informational purposes only and is not legal advice or a substitute for consultation with a licensed legal professional in a particular case or circumstance.

September 28, 2021

"The New Normal?” Managing The Return to the Worksplace

A Virtual Conference

Janus Conferences Logo biege
Scroll To Top