A resort hotel in Austria has been the target of a ransomware attack that crippled the electronic “smart locks” on guest rooms.
The ransomware attack prevented the issuance of new key cards. The four-star Romantik Seehotel Jägerwirt is said to have paid the hackers a modest ransom in Bitcoin to reactivate their systems.
Hackers compromised the hotel’s electronic key system, as well as all of its computers. It was initially reported that the attack left hotel guests either locked out of rooms or were trapped. However, in a statement to Motherboard, Cristoph Brandstaetter, owner of Romantik Seehotel Jaegerwirt, confirmed that this was not the case as international fire regulations prevent such incidents from happening.
He said that guests were able to get in and out of rooms “because the owners were able to open the doors with their internal system, which wasn’t networked with the infected computers”.
“Since the locking system must work even in the event of power failure, the guests in the hotel almost did not notice the incident,” the manager told Bleeping Computer.
Instead, the hotel was not able to issue new keys to guests. According to the report, local law enforcement was unable to provide suitable assistant and the hotel felt the only course of action was to give into the criminal’s ransom demands and pay around $1,600 in bitcoins in order to restore access to the electronic key system, as well as to all of the computers at the hotel.
Since that incident, the hotel got attacked once more but it was able to take systems offline to prevent more damage. Brandstaetter is now looking at changing the key system back to a traditional one with normal keys.
Ransomware attacks increasing
Ilia Kolochenko, CEO of security company High-Tech Bridge, told Internet of Business that ransomware attacks are relatively new, however, are growing much faster than any other sector cybercrime.
“The success is explained by their technical simplicity to conduct and attackers’ certainty to get paid by most of the victims, who often have no other choice that would be economically reasonable,” he said.
“Propagation of IoT and smart devices into our everyday lives will definitely increase the risks, frequency and the consequences of the ransomware attacks. I wouldn’t be surprised if in the next few years cyber-criminals will lock operational rooms in hospitals or unlock doors in state prisons.”
He added that law enforcement agencies don’t have enough experience, technical skills and most importantly – resources to fight cyber-crime.
“If they don’t get them today – in the next few years our society will lose confidence in a justice system that is unable to prosecute and prevent cyber-crime.”
In another ransomware attack, storage devices recording data from the Washington D.C. Police surveillance cameras were infected by hackers, according to reports from the Washington Post, just days before the inauguration of Donald Trump.
The attack affected 123 of the 187 video recorders in the city’s closed-circuit TV system, according to police.
Update: Cyber-criminals are said to have mounted a similar ransomware attack on two hotels in Cornwall, according to reports from the Times.
The attack has left the hotels unable to access booking systems. It is understood that neither hotel has paid up.
John Madelin, CEO at RelianceACSN, told Internet of Business that the latest attacks highlight that any size company holding identifiable customer data can be targeted by cyber-criminals.
“Cyber-criminals know that a hotel absolutely needs real-time management and control over their guest transactions in order to continue their daily operations. Any criminal would find this an attractive proposition. There is a general apathy towards cyber-crime that needs to stop,” he said.