Portland hotel and brewpub chain McMenamins was hit by a ransomware attack on 12th December 2021. The attack left their computer system nonfunctional, and the attackers may have stolen employee records but didn’t touch the customers’ data, the company confirmed on 15th December 2021.
— The Oregonian (@Oregonian) December 16, 2021
According to McMenamins, it did recognize and thwart the attack on Sunday but didn’t confirm anything about whether they were going to pay the ransom or not. However, they did say that their systems and operations were disturbed due to the attack, but all of its locations are currently open.
The Portland company operates about 56 hotels, bars, restaurants, and movie theaters in the Northwest. Usually, most of these sites are restored schools, hotels, lodges, and theaters.
According to a statement released by the company on Wednesday:
Cybercriminals deployed malicious software that locked the company’s systems and prevented access to critical information. The family-owned company has reported the incident to the FBI and is also working with a cybersecurity firm to identify the source and full scope of the attack.
Although the ransomware attack took down the company’s email and credit card scanner offline, they immediately switched to alternate payment systems. McMenamins has a completely different payment processing service that manages customer payment information and confirms that the attack didn’t penetrate those systems.
McMenamins declared that it would provide identity protection services to affected employees with the employee data compromised. About 3,000 employees were present at the affected site.
According to Brian McMenamin, a member of the family that owns the business:
What makes this breach especially disheartening is that it further adds to the strain and hardship our employees have been through in the past two years. We ask that our customers give our employees extra grace as we make temporary adjustments in the way we process transactions and reservations, given the impacts to our systems by this breach. We are hopeful that this holiday season will mark a positive turning point for all of us and appreciate the patience and understanding of our loyal customers and partners.
Various large and small businesses this week are unable to figure out a way to respond to a vulnerability in the Apache logging package log4j. It is software that is integrated into computer systems and IoT devices.
Ransomware attacks have increased exponentially over the last few years. Since most cybercriminals are operating from overseas, this makes it very difficult for law officials to investigate and hold them accountable.
The breach of Burgerville’s payment systems (2019) and hacking of children’s clothing retailer Hanna Anderson (2020) are among a few notable Oregon attacks.
Earlier this year, Centara Hotels & Resorts Thailand also reported a data breach where attackers stole almost 80 GB of data including customer information. The threat actors demanded a ransom of $1 million which the company refused to give.