conti attacks HelmsBriscoe

Incident Date:

February 11, 2022

World map



conti attacks HelmsBriscoe






Scottsdale, USA

Arizona, USA

First Reported

February 11, 2022

HelmsBriscoe Suffers Ransomware Attack

Company Overview

HelmsBriscoe, a global leader in hotel site selection, has been targeted by the ransomware group Conti, as revealed through a leak on the group's dark web site. Established in 1992, HelmsBriscoe offers its services across various sectors, including corporate, association, and government. The company's extensive reach, covering over 60 countries, enables it to deliver local expertise for successful meetings worldwide. Leveraging a proprietary database powered by a global network of more than 1,400 Associates, HelmsBriscoe provides unmatched property intelligence, rate histories, and client anecdotes. This, combined with preferred rates, allows the company to secure exclusive deals for its clients, irrespective of the meeting's size or frequency. HelmsBriscoe boasts an unparalleled number of hotel and destination partnerships, encompassing nearly every major hotel chain and numerous independent properties.


The hospitality sector's increasing reliance on technology has introduced several vulnerabilities, making data breaches and cyberattacks a significant concern. In 2023, the average cost of a hospitality data breach rose to $3.36 million from $2.94 million in 2022. The industry has witnessed a substantial uptick in attacks, with nearly a third (31%) of hospitality organizations reporting at least one data breach during their operational history.


Ransomware attacks pose a considerable threat to the hospitality industry, potentially affecting customer satisfaction and harming the company's reputation. For HelmsBriscoe, the ransomware attack may have compromised its ability to efficiently provide site selection and contract negotiation services, leading to delays and potential client dissatisfaction.


To counter the risks posed by ransomware attacks, hospitality companies are advised to implement comprehensive cybersecurity protocols, safeguard sensitive data, and ensure uninterrupted service provision. Additionally, it is recommended that companies avoid paying ransom demands to discourage further attacks.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.