McMenamins Ransomware Attack
Posted by Security on
As you may or may not be aware, the well-known brewery and hospitality chain McMenamins suffered a data breach following a ransomware attack during the month of December. During the attack, threat actors stole business records, payroll and human resources data files dating back as far as 1998!
The attack temporarily disrupted their operations over a weekend as several of their servers, workstations, and point-of-sale systems were encrypted. It was later determined that hackers had been in their systems since December 7th, days before they executed their final attack on December 12th. McMenamins was forced to shut down all credit card point-of-sale systems, corporate email, and any IT systems to stop the spread of the attack internally.
According to the breach disclosure, stolen data potentially included names, addresses, phone numbers, email addresses, birthdates, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security numbers, health insurance plan elections, income amounts, and retirement contribution information.
The attack was performed by Conti, a ransomware gang believed to be run by a Russian-based hacking group known for other malware infections such as TrickBot. Conti has previously breached high-profile organizations, relying on phishing attacks and known vulnerabilities in internet-exposed devices such as VPN or firewall devices. Once they gain access, they attempt to spread through the network, hopping from system to system to learn what they have access to, and then deploy ransomware.
Intrusions such as this cause widespread losses and expensive disruptions for businesses, and can tarnish trust. In the case of McMenamins, trust is lost with their staff and patrons, who will now have a heightened sense of risk when conducting business with them going forward.
SpireTech continues to recommend that clients maintain awareness of security threats and how to protect themselves from phishing attempts. Contact SpireTech if you’re interested in raising your security posture and providing additional training services to your staff.