Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws
New ransomware now being deployed in Log4Shell attacks
Microsoft fixes Windows AppX Installer zero-day used by Emotet
Log4j vulnerability now used by state-backed hackers, access brokers
Log4j attackers switch to injecting Monero miners via RMI
Facebook disrupts operations of seven surveillance-for-hire firms
McMenamins breweries hit by a Conti ransomware attack
Cloudflare is experiencing widespread latency and timeouts
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
​Portland brewery and hotel chain McMenamins suffered a Conti ransomware attack over the weekend that disrupted the company’s operations.
McMenamins is a popular chain of restaurants, pubs, breweries, and hotels located in Oregon and Washington.
The ransomware attack occurred over the weekend, on December 12th, with sources telling BleepingComputer that the Conti gang conducted it.
Servers and workstations were encrypted as part of the attack, including point-of-sale systems.
While the attack did not cause locations to close, McMenamins was forced to shut down their IT systems, credit card point-of-sale systems, and corporate email to prevent the further spread of the attack.
After BleepingComputer emailed McMenamins, they issued a statement later that night confirming that they were hit by ransomware and are working with the FBI and a third-party cybersecurity firm to investigate the attack.
“McMenamins today announced it has been the victim of a ransomware attack, which was identified and blocked on Dec.12. At this time, it appears that no customer payment data was impacted when cybercriminals deployed malicious software that locked the company’s systems and prevented access to critical information. The family-owned company has reported the incident to the FBI and is also working with a cybersecurity firm to identify the source and full scope of the attack. 
It is possible that internal employee data may have been compromised, although it is not currently known whether that is the case. The following categories of employee information were potentially affected: names, addresses, email addresses, telephone numbers, dates of birth, Social Security numbers, direct deposit bank account information, and benefits records. To provide employees with peace of mind, McMenamins will be offering employees identity and credit protection services, as well as a dedicated help line through Experian. Managers will provide this information to employees directly.” – McMenamins.
As credit card scanners have been taken offline, McMenamins is being forced to change its payment processing at some locations. Unfortunately, these changes also prevent customers from purchasing or redeeming gift cards.
While our source has said that corporate data and documents appear to have been stolen during the attack, it is unknown if customer data was included. McMenamins says that their initial investigation does not indicate that any customer information was compromised as it was managed, collected, and stored by a third-party payment processing company.
However, as the hackers likely had access to the corporate network for some time, it is possible that the threat actors installed point-of-sale malware to steal credit cards, as has been done in previous ransomware attacks.
Whether this has happened will not be known until the third-party cybersecurity firm completes its investigation.
Conti ransomware is a ransomware operation believed to be run by a Russian-based hacking group known for other notorious malware infections, such as TrickBot.
The ransomware gang usually gains access to a network through BazarLoader or TrickBot malware infections installed via phishing attacks or by the threat actors exploiting vulnerabilities in Internet-exposed devices, such as VPN or firewalls.
Once the attacks gain access to an internal system, they will spread through the network, steal data, and deploy their ransomware.
Conti is considered a top-tier ransomware operation that has previously breached high-profile organizations, such as Ireland’s Health Service Executive (HSE) and Department of Health (DoH), the City of TulsaBroward County Public SchoolsFatFaceAdvantech, and Sangoma.
Due to the increased activity by the cybercrime group, the US government recently issued a warning to corporations about an increased number of Conti ransomware attacks.
Nordic Choice Hotels hit by Conti ransomware, no ransom demand yet
Australian govt raises alarm over Conti ransomware attacks
Data breach impacts 80,000 South Australian govt employees
Emotet botnet comeback orchestrated by Conti ransomware gang
TrickBot teams up with Shatak phishers for Conti ransomware attacks
Not a member yet? Register Now
Log4j: List of vulnerable products and vendor advisories
Hackers steal Microsoft Exchange credentials using IIS module
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Microsoft warns of the evolution of six Iranian hacking groups

Windows 10 21H2 is released, here are the new featuresNew Rowhammer technique…

Microsoft offers 50% subscription discounts to Office pirates

Microsoft offers 50% subscription discounts to Office piratesRussian hacking group uses new…

Police arrests ransomware affiliate behind high-profile attacks

New zero-day exploit for Log4j Java library is an enterprise nightmareALPHV BlackCat…

CISA orders federal agencies to patch Log4Shell by December 24th

Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flawsBugs in billions…