Everest Ransomware Gang Threatens to Leak 861GB of Stolen McDonald’s India Data
The Russia-linked ransomware group Everest has claimed responsibility for a cyberattack on McDonald’s India, threatening to publicly release 861GB of stolen data if a ransom demand is not met. According to a dark web post dated January 20, the gang has set a countdown, with a full file list scheduled for release in two days and a complete data dump in nine days if negotiations fail.
The group has already published sample data to validate its claims, including customer and employee personal information (names, emails, account IDs, demographics), internal financial reports, and operational documents some dating between 2017 and 2019. Researchers at Cybernews confirmed the authenticity of the samples but noted that the exposed data appears outdated.
Everest, known for high-profile attacks, previously disrupted European airports in 2023 by targeting Collins Aerospace, a key provider of aviation systems. The gang has listed 337 victims since 2023, including major corporations. In this latest breach, the attackers allege they gained "long-term, unfettered access" to McDonald’s India’s systems, exfiltrating 131GB of customer records and 730GB of additional internal data.
McDonald’s India has been contacted for verification but has not yet responded. If the data is leaked, the exposure could pose fraud and social engineering risks for affected individuals, while the release of financial and operational documents may provide competitors or criminals with sensitive corporate insights. The incident underscores the growing threat of ransomware groups targeting global brands with extortion tactics.
Source: https://cybernews.com/security/mcdonalds-breach-ransomware-attack/
Westlife Foodworld Limited cybersecurity rating report: https://www.rankiteo.com/company/westlife-foodworld-ltd
"id": "WES1768914341",
"linkid": "westlife-foodworld-ltd",
"type": "Ransomware",
"date": "6/2017",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Food & Beverage',
'location': 'India',
'name': 'McDonald’s India',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': '861GB',
'personally_identifiable_information': ['Names',
'Emails',
'Account IDs',
'Demographics'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Customer personal information',
'Employee personal information',
'Internal financial reports',
'Operational documents']},
'date_publicly_disclosed': '2024-01-20',
'description': 'The Russia-linked ransomware group Everest has claimed '
'responsibility for a cyberattack on McDonald’s India, '
'threatening to publicly release 861GB of stolen data if a '
'ransom demand is not met. The group has published sample '
'data, including customer and employee personal information, '
'internal financial reports, and operational documents. '
'McDonald’s India has not yet responded to verification '
'requests.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': '861GB',
'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing',
'motivation': 'Extortion',
'ransomware': {'data_exfiltration': True,
'ransom_demanded': True,
'ransomware_strain': 'Everest'},
'references': [{'source': 'Cybernews'}],
'threat_actor': 'Everest Ransomware Gang',
'title': 'Everest Ransomware Gang Threatens to Leak 861GB of Stolen '
'McDonald’s India Data',
'type': 'Ransomware'}