Kwik Trip IT systems outage caused by mysterious ‘network incident’

​Kwik Trip has been impacted by a wide range of mysterious business disruptions since this weekend that are indicative of a ransomware attack.

Kwik Trip is a US chain of over 800 convenience stores and gas stations in Michigan, Minnesota, and Wisconsin, also operating under the name Kwik Star in Illinois, Iowa, and South Dakota. The company employs over 35,000 people.

If you have any information regarding the Kwik Trip/Kwik Star incident, you can contact us confidentially via Signal at 646-961-3731

Mysterious "network incident"

Since this past weekend, Kwik Trip employees have told BleepingComputer and reported online that numerous IT systems have suffered outages, with corporate sources refusing to provide any clear reason for these disruptions.

Kwik Trip employees have reported being unable to receive new orders, accept payments using the Kwik Reward system, and access the company’s support systems.

BleepingComputer has also learned that this 'network incident'’ has impacted Kwik Trip corporate offices’ email and phone systems.

Customers have increasingly become frustrated as the IT outages impacted the company's Kwik Rewards platform, preventing them from using saved-up rewards to purchase gas or groceries.

This has led store managers and employees to post signs explaining that the outages are beyond their control and to be respectful to workers.

"Be respectful to our coworkers, this situation is out of our control and is company wide," reads a photo of a Kwik Trip notice posted by employees.

BleepingComputer contacted KwikTrip with questions about the incident after multiple employees told us that a weekend cyberattack is behind these ongoing outages.

While Kwik Trip has since confirmed that they have suffered what they describe as a "network incident," they have not responded to our emails or issued any statement disputing that this is a security incident.

"As many of you are aware, we are currently working through a network incident that has caused a disruption to some of our systems," reads a statement posted on Twitter.

However, the timeline and type of IT outages the company is experiencing point to a likely ransomware attack.

Over the past nine years, the enterprise and governments have been struggling to prevent threat actors from breaching their networks, stealing data, and then encrypting devices.

Many of these attacks occur over the weekend when fewer IT employees monitor the network or workstations used to spot malicious activity.

The threat actors then use the stolen data as leverage, with the hackers threatening to publish employee and corporate information if a ransom is not paid.

Unfortunately, these tactics have been highly successful, with blockchain analysis company Chainalysis reporting in June that ransomware gangs have earned at least $449.1 million in 2023.

Just recently, it was reported that Caesars Entertainment paid a ransomware gang $15 million not to publish stolen data and to receive a decryptor.