{
	"id": "244d14fa-bc0c-4cd5-be82-1d26804642f4",
	"created_at": "2026-04-06T00:21:39.665117Z",
	"updated_at": "2026-04-10T13:12:59.754054Z",
	"deleted_at": null,
	"sha1_hash": "2047f695b7e97d1233b6e329c1b45236962d288a",
	"title": "McMenamins breweries hit by a Conti ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3810407,
	"plain_text": "McMenamins breweries hit by a Conti ransomware attack\r\nBy Lawrence Abrams\r\nPublished: 2021-12-16 · Archived: 2026-04-05 17:02:31 UTC\r\nPortland brewery and hotel chain McMenamins suffered a Conti ransomware attack over the weekend that disrupted the\r\ncompany's operations.\r\nMcMenamins is a popular chain of restaurants, pubs, breweries, and hotels located in Oregon and Washington.\r\nThe ransomware attack occurred over the weekend, on December 12th, with sources telling BleepingComputer that the\r\nConti gang conducted it.\r\nhttps://www.bleepingcomputer.com/news/security/mcmenamins-breweries-hit-by-a-conti-ransomware-attack/\r\nServers and workstations were encrypted as part of the attack, including point-of-sale systems.\r\nWhile the attack did not cause locations to close, McMenamins was forced to shut down their IT systems, credit card point-of-sale systems, and corporate email to prevent the further spread of the attack.\r\nAfter BleepingComputer emailed McMenamins, they issued a statement later that night confirming that they were hit by\r\nransomware and are working with the FBI and a third-party cybersecurity firm to investigate the attack.\r\n\"McMenamins today announced it has been the victim of a ransomware attack, which was identified and blocked\r\non Dec.12. At this time, it appears that no customer payment data was impacted when cybercriminals deployed\r\nmalicious software that locked the company’s systems and prevented access to critical information. The family-owned company has reported the incident to the FBI and is also working with a cybersecurity firm to identify the\r\nsource and full scope of the attack. \r\nIt is possible that internal employee data may have been compromised, although it is not currently known whether\r\nthat is the case. 
The following categories of employee information were potentially affected: names, addresses,\r\nemail addresses, telephone numbers, dates of birth, Social Security numbers, direct deposit bank account\r\ninformation, and benefits records. To provide employees with peace of mind, McMenamins will be offering\r\nemployees identity and credit protection services, as well as a dedicated help line through Experian. Managers\r\nwill provide this information to employees directly.\" - McMenamins.\r\nAs credit card scanners have been taken offline, McMenamins is being forced to change its payment processing at some\r\nlocations. Unfortunately, these changes also prevent customers from purchasing or redeeming gift cards.\r\nWhile our source has said that corporate data and documents appear to have been stolen during the attack, it is unknown if\r\ncustomer data was included. McMenamins says that their initial investigation does not indicate that any customer\r\ninformation was compromised as it was managed, collected, and stored by a third-party payment processing company.\r\nHowever, as the hackers likely had access to the corporate network for some time, it is possible that the threat actors\r\ninstalled point-of-sale malware to steal credit cards, as has been done in previous ransomware attacks.\r\nWhether this has happened will not be known until the third-party cybersecurity firm completes its investigation.\r\nWho is Conti?\r\nConti ransomware is a ransomware operation believed to be run by a Russian-based hacking group known for other\r\nnotorious malware infections, such as TrickBot.\r\nThe ransomware gang usually gains access to a network through BazarLoader or TrickBot malware infections installed via\r\nphishing attacks or by the threat actors exploiting vulnerabilities in Internet-exposed devices, such as VPNs or firewalls.\r\nOnce the attackers gain access to an internal system, they will spread through the network, steal data, and deploy 
their\r\nransomware.\r\nConti is considered a top-tier ransomware operation that has previously breached high-profile organizations, such as\r\nIreland's Health Service Executive (HSE) and Department of Health (DoH), the City of Tulsa, Broward County Public\r\nSchools, FatFace, Advantech, and Sangoma.\r\nDue to the increased activity by the cybercrime group, the US government recently issued a warning to corporations about\r\nan increased number of Conti ransomware attacks.\r\nSource: https://www.bleepingcomputer.com/news/security/mcmenamins-breweries-hit-by-a-conti-ransomware-attack/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/mcmenamins-breweries-hit-by-a-conti-ransomware-attack/"
	],
	"report_names": [
		"mcmenamins-breweries-hit-by-a-conti-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434899,
	"ts_updated_at": 1775826779,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2047f695b7e97d1233b6e329c1b45236962d288a.pdf",
		"text": "https://archive.orkl.eu/2047f695b7e97d1233b6e329c1b45236962d288a.txt",
		"img": "https://archive.orkl.eu/2047f695b7e97d1233b6e329c1b45236962d288a.jpg"
	}
}