Hackers Lock Hotel Guests Out of Their Rooms in Ransomware Attack

The hotel was full and locked out of its own computer system

January 31, 2017

Cybercrimes are becoming more and more common, as a lakeside Alpine hotel recently discovered.

Hackers attacked the electronic key system at the Romantik Seehotel Jaegerwirt in Austria, locking employees out of the system and about 12 guests out of their rooms. Guests were left stranded in the lobby and employees were confused and panicking.

According to Christoph Brandstaetter, the hotel's managing director, a ransom demand was sent to the Romantik by email. "Good morning?" the email began, then demanded two Bitcoins—approximately $1,800—in ransom to unlock the rooms of the affected guests. It warned that the ransom amount would double if the hotel did not pay by the end of the day, January 22.

Brandstaetter commented that the details for a "Bitcoin wallet"—the account in which the money is deposited—were included in the email, which ended with the phrase "Have a nice day!"

Given that the hotel was booked solid with skiers, hikers, and vacationers—some of whom had paid roughly $530 for a suite with a sauna and a panoramic view—Brandstaetter decided to give in.

Guests had already made complaints about nonfunctional electronic room keys, and efforts made by receptionists to create new keys did not work. Breaking down room doors was not an option, and the hotel's reservation system in the village of Turracherhöhe, which is roughly 90 minutes from Salzburg by car, was paralyzed.

"We were at maximum capacity with 180 guests and decided that it was better to give in," said Brandstaetter. "The hackers were very pushy."

According to security experts, this attack seems to have been a unique example of a kind of modern-day piracy that is becoming more and more malicious and widespread.

The weapon used by the pirates? A kind of software known as ransomware.

Ransomware attacks are simple. A victim will usually receive an email containing either a link or an attachment with software that will encrypt their computer files and hold them hostage until the victim pays a ransom. Police officials say that many hackers who carry out attacks like these are operating in Russia and Eastern Europe, and they frequently demand that the ransom be paid in the digital currency called Bitcoin, which is hard to trace.

"Ransomware is becoming a pandemic," said Tony Neate, a former British police officer who investigated cybercrime for 15 years. "With the internet, anything can be switched on and off, from computers to cameras to baby monitors."

However, he added, "hacking a hotel and locking people out of their rooms is a new line of attack."

Neate is now chief executive of the British government-backed security charity Get Safe Online. He said that the amounts of money demanded in ransomware attacks were usually low enough that the victim would give in. The result, however, was that hackers had to make dozens of attacks in one day in order to make them viable financially.

Neate still advised victims not to pay, however. He argued that paying the hackers would only encourage more attacks and that the ransom money would finance criminal activity, which could include terrorism. He warned that hotels should reinforce digital security in order to guard against copycat crimes.

The U.S. Justice Department estimates that ransomware attacks rose to an average of 4,000 per day in 2016, a rate four times greater than that of 2015. According to the FBI, the total paid by victims in ransoms rose to $209 million in the first three months of 2016 alone, compared with $24 million for the whole of 2015.

Many other organizations have been forced to pay ransoms in such attacks. Hospitals in California and Kentucky were targeted last year, with a Los Angeles hospital paying more than $17,000 to have its computer network and all of its digital medical files restored by the hackers. Other victims throughout the U.S. and Europe have included a municipal utility, companies, schools, law firms, and police departments.

The Institute for Critical Infrastructure Technology found in a recent study that ransomware is threatening to "wreak havoc on America's critical infrastructure community" and said that it was the digital version of a "centuries old criminal tactic."

Brandstaetter said that he had decided to make the attack on his hotel known so that others would be more vigilant.

He also said that the hotel was thinking about replacing its electronic keys with old-fashioned door locks and real keys to guard against future attacks.

"The securest way not to get hacked," he said, "is to be offline and to use keys."