McMenamins Cyberattack Highlights New Normal

Joan McGuire

Ransomware attacks have increased nearly 500% in the last two years, experts say.

Share this article!

Weathering cyberattacks — like the one that targeted McMenamins earlier this month — is becoming a fact life for business owners, cybersecurity experts say.

“The goal of these organizations isn’t to make money, it’s to create chaos,” says Wayne Machuca, lead instructor for Mt. Hood Community College’s cybersecurity program. “Attack types are all across the board. Some of these, there is nothing you can do about. It’s not a matter of if you’re going to get hit. It’s a matter of when.”

After a year of financial disruptions led the company to seek new investors, the iconic Oregon brewpub and hotel chain announced last week that on Dec. 12 it was the victim of a ransomware attack.


Neither McMenamins nor the FBI have identified the group responsible for the attack, but a report from cybersecurity publication bleepingcomputer suggested the Conti group, state-sponsored Russian cyber criminal organization, was behind the attacks.

Ransomware attacks, which freeze a company’s data and hold it hostage, have increased nearly 500% over the last two years, according to cybersecurity firm Bitdefender.

According to a statement from McMenamins, investigators do not believe that customer payment data was collected. But the company said it’s possible cyberattackers stole personal data connected to its 2,700 employees, including names, Social Security numbers, telephone numbers, benefit information, bank account information and other personal information.

Microsoft security expert Tom Burt says Russian cyberattackers have been linked to 23,000 attacks this year on more than 600 organizations. They have spent the last two year attacking organizations where IT failures would cause significant damage, specifically targeting the health care industry with ransomware attacks, according to an October report by cybersecurity firm Mandiant.

One hallmark of state-sponsored cyber crime is unreasonable ransom amounts for keys to encrypted data. Earlier this year, Conti demanded $40 million from a Florida public school.

McMenamins’ statement said it will provide identity and credit protection services to its workers in response to the attack.

The hospitality chain also stated it is working with the FBI and a private cybersecurity firm — which it did not name — to identify the perpetrators and the full scope of the attack.

To subscribe to Oregon Business, click here.