Sobeys Employees Detail The Chaos Inside Sobeys Stores After They Were Pwned By Ransomware

Last week, word started to filter out that Canadian grocery chain Sobeys had been pwned by ransomware. The chain claimed that they had an “IT issue”, but by the end of the week there was proof that they had been pwned. Now CBC News is giving us an inside look at the chaos that ensued after the chain was pwned:

“Somebody higher up got an email and basically clicked a link they weren’t supposed to,” said the front-end Safeway employee. “I don’t know the exact dollar figure, but I know it was like millions, like several millions.”

The troubles began overnight Thursday, Nov. 3 into Friday, Nov. 4.

When employees arrived for work on Friday, their computers took longer than usual to boot up, and when they finally did, “nothing came up other than this big white block in the middle of the screen that said ransomware, please comply before proceeding, or something like that,” said a worker in a meat and seafood department at a Safeway store.

“I saw the word ransom and that scared me right away.”

And:

The computer issues have also disrupted Empire’s ability to maintain its usual scheduling and payroll systems.

“I literally went into work and there was like a schedule written down on a piece of paper and I’m like, what is this?” said a worker.

Some employees are being asked to write down their hours in a logbook.

Employees in the chain are paid every other week, and some were told last week they would not get paid last Thursday, their scheduled payday.

However, workers later told the CBC the company found a workaround: since the first week of the two-week pay period occurred before the ransomware attack, employees would receive the same amount of pay for the second week, even if they did not work the same number of hours. Each employee also received an extra $100 on Thursday to compensate for any extra hours they may have worked the second week.

Once the payroll system is functioning again, any worker who was overpaid will be expected to return overpayments.

And:

Many customers are likely unaware of the difficulties employees are dealing with. But some impacts have been clear.

On the first day of the outage, some self-checkout machines weren’t working.

“The lineups at the tills, because people aren’t used to that and we pump a lot of people through these self checkouts — so, a lot of pissed-off customers over that,” said a Safeway worker.

Customers have been unable to use gift cards or redeem Scene loyalty points, and stores have been unable to process Western Union transfers — causing frustration for some, one employee said. 

The company has not officially told employees the cause of the outage. They have been instructed to simply tell customers it’s an IT issue.

“You kind of feel bad having to like just you know, water it down, what’s really going on, to customers,” said an employee. “You feel like you’re deceiving everybody because there’s more going on behind the doors than what they’re trying to make it out to be.”

This shows the sort of carnage that being pwned by ransomware can cause. It also shows what happens when you don’t have a remediation strategy in place in case you do get pwned. Clearly Sobeys had a huge hole in their cybersecurity plan. Or they didn’t have a plan. Either way, I say Parliament should find out. Sobeys is the second-largest grocery retailer in the country, which means that this is a non-trivial event. And Canadians deserve answers as to how and why they got pwned and how they will avoid getting pwned again in the future.
