Foodservice supplier Edward Don hit by a ransomware attack

Foodservice supplier Edward Don has suffered a ransomware attack that has caused the company to shut down portions of the network to prevent the attack's spread.

Edward Don and Company is one of the largest distributors of foodservice equipment and supplies, such as kitchen supplies, bar supplies, flatware, and dinnerware.

Today, BleepingComputer has learned that Edward Don suffered a ransomware attack earlier this week that has disrupted their business operations, including their phone systems, network, and email.

The email outage has caused employees to use Gmail accounts to communicate with customers regarding urgent orders or fulfillment issues.

Edward Don has not publicly disclosed the attack at this time, but employees have stated that they cannot accept new orders until the systems are brought back online.

As Edward Don is one of the leading distributors of food service supplies, this attack will cause a significant disruption in the supply chain for hospitals, restaurants, hotels, and bars.

BleepingComputer has attempted to contacted Edward Don but has not received a reply.

If you have first-hand information about the Edward Don attack or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.

Qbot trojan seen on Edward Don network

At this time, it is not clear what ransomware operation has conducted the attack.

However, Advanced Intel CEO Vitali Kremez has told BleepingComputer that company may have been infected by the Qbot malware based on their adversarial visibility.

Qbot is known to partner with ransomware operations to provide them remote access to infected networks. Ransomware gangs use this remote access to spread laterally through a network, steal data, and ultimately deploy the ransomware to encrypt devices.

In the past, the ProLock and Egregor ransomware gangs partnered with Qbot. Since their shutdown, the REvil ransomware gang has been utilizing the botnet.

Ransomware has caused significant disruption to critical infrastructure and the supply chain over the past two months, with recent attacks on the Colonial Pipeline and food producer JBS.

Colonial Pipeline paid a $4.4 million ransom to the DarkSide operation, and JBS paid $11 million to REvil after their attacks.