IT systems of Canadian food retailers Sobeys' grocery are experiencing intermittent glitches linking to the possible deployment of Black Basta ransomware attack…

Continue reading
Canadian food retail giant Sobeys' grocery shops and pharmacies have been having IT system glitches over the weekend.
With over 134,000 workers serving 1,500 shops in all 10 Canadian provinces (under the Sobeys, Safeway, IGA, Foodland, FreshCo, Thrifty Foods, and Lawtons Drugs retail banners), Sobeys is one of only two major grocery merchants in the country.
Empire, Sobeys' parent company, issued a press statement on Monday explaining that even though its supermarkets were still open, certain services were unavailable due to an internal IT problem.
_"In the meanwhile, the company-owned grocery shops are open and generally operating for their consumers. Some in-store services, however, are only available on an as-needed basis or are experiencing delays,"_ the retailer said.
_"More than that, some of the Company's pharmacies are having trouble processing prescriptions due to technological issues. However, the company is still dedicated to providing its pharmaceutical customers with uninterrupted service."_
The business also said that it is striving to fix the problems with its IT systems in order to minimize the impact on its retail outlets.
All shops were open and _"not experiencing substantial difficulties,"_ according to a second statement released on Sobeys' official website with _"essential information"_ about the retailer's store services.
According to accounts from staff, however, all computers in impacted Sobey's shops were shut out, but POS and payment processing systems remained functional since they are configured to operate on a different network.
Local media in Canada started that provincial privacy watchdogs in Quebec and Alberta had verified receiving _"confidentiality incident"_ notices from the retailer, albeit the business had not yet disclosed any material tying the current outage to a hack.
The Quebec watchdog informed The Canadian Press that notifications are only sent after a data breach in which individuals' personal information was exposed.
Black Basta ransomware payloads were used to encrypt Sobeys' computers, and the attackers deployed ransom letters and engaged in negotiation talks with company representatives.
Multiple accounts place the attack somewhere between Friday night and Saturday morning.Pictures of Sobeys's in-store computers showing a Black Basta ransom message have been posted online by staff members.

*Sobeys ransom notes*
While the amounts demanded in ransom vary from victim to victim, it is clear that at least one victim was asked to pay more than $2 million for a decryptor to prevent the release of stolen data.
The operators of Qbot (QuakBot) networks reported seeing Black Basta delivering payloads in June 2022.
Although the information on this ransomware group is scant, it is safe to assume that, given their bargaining style and ability to breach new victims swiftly, this is not a new operation but a rebrand.
Although it has not been verified, Black Basta was also suspected of having ties to the Conti ransomware.
This week, we also uncovered facts linking Black Basta to the Russian-speaking, financially-motivated hacking group FIN7, who are notorious for using POS malware and spear-phishing attacks on hundreds of businesses all over the globe.

A single ClickFix infrastructure is pushing StealC, Amatera, Remus, NetSupport, CastleLoader and a new loader called ResiLoader through fake Google/Cloudflare checks.