Kwik Trip has been experiencing a series of disruptive incidents since the weekend, which appear to be the result of a ransomware attack.
Kwik Trip is a chain of convenience stores and gas stations operating in Michigan, Minnesota, and Wisconsin, and under the name Kwik Star in Illinois, Iowa, and South Dakota. With over 800 locations, the company employs more than 35,000 individuals.
If you have any information about the Kwik Trip/Kwik Star incident, please contact us confidentially via Signal at 646-961-3731.
Mysterious “network incident”
Since the past weekend, Kwik Trip employees have reported various outages in their IT systems. However, company sources have not provided a clear explanation for these disruptions.
Employees have been unable to receive new orders, accept payments through the Kwik Reward system, and access support systems.
Corporate offices’ email and phone systems have also been impacted by this network incident.
The IT outages have frustrated customers, particularly regarding the company’s Kwik Rewards platform, which prevents them from using accumulated rewards for purchases.
Store managers and employees have posted signs explaining that the outages are beyond their control and have requested customers to show respect for their colleagues.
BleepingComputer reached out to Kwik Trip for more information about the incident, as multiple employees believe it to be a cyberattack. While Kwik Trip has confirmed the “network incident,” they have not addressed whether it is a security issue.
According to the timeline and nature of the IT outages, it is likely a ransomware attack.
In recent years, enterprises and governments have struggled to prevent threat actors from infiltrating their networks, stealing data, and encrypting devices. These attacks often occur on weekends when there are fewer IT staff monitoring activities.
Threat actors then use the stolen data as leverage, threatening to release employee and corporate information unless a ransom is paid.
Unfortunately, these tactics have been highly successful, with ransomware gangs earning at least $449.1 million in 2023, as reported by blockchain analysis company Chainalysis.
Most recently, Caesars Entertainment paid a ransomware gang $15 million to prevent the publication of stolen data and receive a decryptor.