A recent attack targeted McMenamins, a popular family-run chain of hotels, restaurants, and breweries. The company is still experiencing disruptions, and its employees’ data may have been exposed.
The ransomware attack forced the Washington and Oregon-based chain to shut down several operations – IT systems, credit card point-of-sale systems, and corporate email to prevent the attack from spreading even more.
The Conti gang is thought to be responsible for the incident.
The company confirmed that the attack happened on December 12: “when cybercriminals deployed malicious software that locked the company’s systems and prevented access to critical information,” it wrote in a press statement to several news websites on Wednesday.
The chain also informed its website’s visitors that an outage may affect communications, and it cannot be contacted via email.
“We are currently experiencing technical issues with our email system,” according to the notice.
McMenamins Employees’ Data Might Have Been Exposed
While the chain’s representatives say that customer payment data was not compromised, the names, Social Security numbers, bank information, and other information regarding its 2,700 employees may have been exposed. In response, the company is providing protection services to its staff.
“We are acting cautiously and operating under the assumption that the attackers could have accessed or copied electronic files containing the following categories of employee information: name, address, telephone number, email address, Social Security number, date of birth, bank account number for direct deposit, income/wages records, and benefits information, such as retirement plan contributions and health insurance plan election,” the company wrote.
According to a press statement, co-founder Brian McMenamin acknowledged the data breach “is especially disheartening” considering its timing after the “strain and hardship” employees have gone through during the COVID-19 pandemic.
“We ask that our customers give our employees extra grace as we make temporary adjustments in the way we process transactions and reservations, given the impacts to our systems by this breach,” he said, according to reports.
The company also said it has reported the incident to the FBI and is working with cybersecurity experts to find the threat actors responsible and their goal.
“We have retained an experienced cybersecurity investigation firm to support these efforts and our efforts to enhance our security. We have reported the incident to the FBI and are cooperating with their investigation,” the company wrote.
Is Conti Group To Blame?
According to employees, a message from the ransomware gang that popped up on McMenamins’ point of sales computers read: “All of your files are currently encrypted by CONTI strain. As you know…all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software—the files might be damaged, so if you are willing to try it—try it on the data of the lowest value.”
The message did not mention a ransom, and continued with: “Just in case, if you try to ignore us, we’ve downloaded a pack of your internal data and are ready to publish it on our news website if you do not respond. So it will be better for both sides if you contact us as soon as possible.”
The FBI noted that the Conti group sends phishing emails, usually with an Excel sheet or other poisoned links or attachments, tempting recipients to click on them. Once clicked, Conti deploys malware into the computer network.
ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.