Dec 17, 2021
0 0

McMenamins breweries hit by a Conti ransomware attack

Written by

Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws
New ransomware now being deployed in Log4Shell attacks
Microsoft fixes Windows AppX Installer zero-day used by Emotet
Log4j vulnerability now used by state-backed hackers, access brokers
All Log4j, logback bugs we know so far, and why you MUST ditch 2.15
Break in to the world of ethical hacking with this huge course bundle
This image looks very different on Apple devices — see for yourself
Log4j attackers switch to injecting Monero miners via RMI
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
​Portland brewery and hotel chain McMenamins suffered a Conti ransomware attack over the weekend that disrupted the company’s operations.
McMenamins is a popular chain of restaurants, pubs, breweries, and hotels located in Oregon and Washington.
The ransomware attack occurred over the weekend, on December 12th, with sources telling BleepingComputer that the Conti gang conducted it.
Servers and workstations were encrypted as part of the attack, including point-of-sale systems.
While the attack did not cause locations to close, McMenamins was forced to shut down their IT systems, credit card point-of-sale systems, and corporate email to prevent the further spread of the attack.
After BleepingComputer emailed McMenamins, they issued a statement later that night confirming that they were hit by ransomware and are working with the FBI and a third-party cybersecurity firm to investigate the attack.
“McMenamins today announced it has been the victim of a ransomware attack, which was identified and blocked on Dec.12. At this time, it appears that no customer payment data was impacted when cybercriminals deployed malicious software that locked the company’s systems and prevented access to critical information. The family-owned company has reported the incident to the FBI and is also working with a cybersecurity firm to identify the source and full scope of the attack. 
It is possible that internal employee data may have been compromised, although it is not currently known whether that is the case. The following categories of employee information were potentially affected: names, addresses, email addresses, telephone numbers, dates of birth, Social Security numbers, direct deposit bank account information, and benefits records. To provide employees with peace of mind, McMenamins will be offering employees identity and credit protection services, as well as a dedicated help line through Experian. Managers will provide this information to employees directly.” – McMenamins.
As credit card scanners have been taken offline, McMenamins is being forced to change its payment processing at some locations. Unfortunately, these changes also prevent customers from purchasing or redeeming gift cards.
While our source has said that corporate data and documents appear to have been stolen during the attack, it is unknown if customer data was included. McMenamins says that their initial investigation does not indicate that any customer information was compromised as it was managed, collected, and stored by a third-party payment processing company.
However, as the hackers likely had access to the corporate network for some time, it is possible that the threat actors installed point-of-sale malware to steal credit cards, as has been done in previous ransomware attacks.
Whether this has happened will not be known until the third-party cybersecurity firm completes its investigation.
Conti ransomware is a ransomware operation believed to be run by a Russian-based hacking group known for other notorious malware infections, such as TrickBot.
The ransomware gang usually gains access to a network through BazarLoader or TrickBot malware infections installed via phishing attacks or by the threat actors exploiting vulnerabilities in Internet-exposed devices, such as VPN or firewalls.
Once the attacks gain access to an internal system, they will spread through the network, steal data, and deploy their ransomware.
Conti is considered a top-tier ransomware operation that has previously breached high-profile organizations, such as Ireland’s Health Service Executive (HSE) and Department of Health (DoH), the City of TulsaBroward County Public SchoolsFatFaceAdvantech, and Sangoma.
Due to the increased activity by the cybercrime group, the US government recently issued a warning to corporations about an increased number of Conti ransomware attacks.
Nordic Choice Hotels hit by Conti ransomware, no ransom demand yet
Australian govt raises alarm over Conti ransomware attacks
Data breach impacts 80,000 South Australian govt employees
Emotet botnet comeback orchestrated by Conti ransomware gang
TrickBot teams up with Shatak phishers for Conti ransomware attacks
Not a member yet? Register Now
Large-scale phishing study shows who bites the bait more often
Sites hacked with credit card stealers undetected for months
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


Article Categories:
Cybersecurity News

Comments are closed.