Home > Computing > No mini-bar for you: Luxury hotel pays up after…

No mini-bar for you: Luxury hotel pays up after virus locks guests out of rooms

ransomware hotel key cards romantik seehotel jaegerwirt
Romantik Seehotel Jaegerwirt
Why it matters to you

Ransomware isn’t going away, and this attack on a hotel’s key card network shows cybercriminals are getting more creative.

The targets for ransomware attacks continue to get stranger. Over the weekend it was reported that a luxury hotel in Austria paid about $1,600 in bitcoin to retrieve its systems. The attack had even compromised the hotel’s electronic key card network, locking guests out of their rooms.

The Romantik Seehotel Jaegerwirt hotel in Turracher Höhe, Austria, said it has been targeted numerous times by ransomware attacks, but is only going public with this information now as a warning to others.

In this particular attack, the culprits managed to freeze the hotel’s system for managing key cards. The incident meant once a guest had left the room, they couldn’t re-enter, and new cards couldn’t be programmed. As a result, hotel staff had to resort to a separate internal system for locking and unlocking doors. The hotel’s reservation management system and cash desk was also affected. The disruption lasted for about 24 hours.

It appears the hackers timed the attack quite well as it was the opening of skiing season, the 111 year old hotel’s busiest period. “The house was totally booked with 180 guests, we had no other choice. Neither police nor insurance help you in this case,” said Christoph Brandstaetter, managing director of the hotel, on the decision to cough up the money.

According to Brandstaetter, his hotel was attacked by more conventional ransomware last summer as well, which cost the business thousands of euros in IT costs. The most recent hack, meanwhile, forced the business to pay a Bitcoin ransom worth about $1,600.

“Every euro that is paid to blackmailers hurts us. We know that other colleagues have been attacked, who have done similarly,” said Brandstaetter.

Once paid, the hackers restored all the systems, which was good news for The Romantik Seehotel Jaegerwirt, but paying off a ransom is never a guarantee that you’ll get your systems back running. The hotel almost learned this the hard way, as the cybercriminals attempted yet another attack after the ransom was paid. That attempt was only thwarted by the installation of new hardware.

Now, to prevent a similar fate in the future, the hotel’s managers are going a little old school: “We are planning at the next room refurbishment for old-fashioned door locks with real keys. Just like 111 years ago at the time of our great-grandfathers.” In this case, it seems old technology is the best way to prevent a high-tech attack.