In mid-December 2021, pub and hotel chain McMenamins suffered a Conti ransomware attack that disrupted several of its computer systems. BleepingComputer, an information security & technology news site, has attributed the attack to the Conti gang. The cybercriminals have not touched customer data, but they may have compromised its employee records.
McMenamins — A Popular Chain of Restaurants and Hotels
McMenamins is a popular family-run chain of hotels, restaurants, pubs, and breweries based in Oregon and Washington. Several of its sites are in rehabilitated historical properties. The Brewers Association considers it one of the top 50 largest craft breweries in the US.
On December 12th, the company claimed to have identified the Conti ransomware attack deploying malicious software to lock their systems. It reported the incident to the FBI. Meanwhile, it hired a cybersecurity firm to find out the source and investigate the full scope of the attack.
Later, the company also informed visitors of an outage in a message on its website. It said that contacting the company via email can also affect them. Also, it let the customers know about technical issues and that the staff may not respond on time at the moment.
The Aftermath of the Conti Ransomware Attack
According to McMenamins, the Conti ransomware attack did not lead to the closure of any locations. Instead, the intrusion took its online reservation system offline. Consequently, the company resorted to making hotel reservations by phone. However, it could not perform other activities, such as redeeming gift cards, quoting room rates, or booking particular room types.
Furthermore, the Conti ransomware attack had compelled the company to shut down its IT systems, corporate email, and credit card point-of-sale systems. Nevertheless, the company has acted to prevent the further spread of the Conti ransomware attack.
When it comes to data exfiltration, the company asserted that the attack had no impact on customer payment data. However, the cybercriminals might have affected the data of its 2,700 employees, including their names, dates of birth, addresses, email addresses, direct deposit bank account information, social security numbers, and benefits records.
To their credit, McMenamins claimed to offer identity protection services to its employees. At the same time, it works to specify the scope of the Conti ransomware attack.
Who is the Conti Group?
Conti is ostensibly a Russia-based cybercrime group. It is known for notorious malware infections, such as BazarLoader and TrickBot. Essentially, the group usually installs these malware infections through phishing attacks. It also exploits flaws in Internet-exposed devices, such as firewalls and VPNs. It is safe to say that this group is one of the most ruthless ransomware groups out there.
The Conti gang is also notorious for demanding ridiculously high ransom amounts. In early 2021, the group demanded a ransom from Broward County Public Schools. The ransom amount was $40 million to decrypt the files and prevent attackers from publishing the information online.
Apart from that, the Conti group disrupts an organization’s customer-facing networks or services. It has even affected emergency medical services and law-enforcement agencies. What’s more, it has the capability to destroy backups used by its victims to recover from attacks.
Over the last few years, the rate of ransomware attacks has grown sharply. However, thankfully, organizations can still prevent ransomware attacks through penetration testing or pen-testing. Without a doubt, cybersecurity professionals perform it to unveil exploitable vulnerabilities across the system that cybercriminals can use to gain access.
Conti Gang made the ransomware attack on McMenamins
McMenamins hit by the ransomware attack
Ransomware Shut Down McMenamins Credit Card Systems and Phone
McMenamins targeted by the ransomware attack
Conti gang hit McMenamins with the ransomware attack