The State of Ransomware Attacks in the Hospitality Industry

Ransomware attacks pose serious cybersecurity risks for companies in the hospitality industry, which is a broad sector that includes hotels, tourism agencies, restaurants, and bars. Common to these distinct businesses are direct interactions with paying customers who regularly use credit/debit cards for transactions. 

The need to collect sensitive data and the proximity of these businesses to paying customers make the hospitality sector a prime ransomware target. Whether by causing operational disruption or exfiltrating sensitive data, threat actors know that successful attacks can wreak havoc on victim organizations. This article explores the state of ransomware in hospitality. 

Ransomware Dangers in Hospitality

Hospitality companies depend heavily on digital technologies to handle business-critical operations, including processing payments, accounting, and reserving tables/rooms. In hotels, this use of technology even extends to providing key-card access to rooms using computer-controlled technology. 

The computer systems used in hospitality, such as POS systems, and the networks they are connected to are vulnerable to ransomware attacks. Threat actors often regard hospitality companies as easy prey for locking down systems with malware that ultimately leads to large ransom payments. 

The hospitality sector is still reeling from the after-effects of the pandemic; hotels, bars, and restaurants saw steep decreases in customers almost overnight, and the decline lasted several months. A serious breach of customer data, costing an average of $4.2 million per incident, could tip any hospitality company over the edge. 

Recent Ransomware Attacks on Hospitality Businesses 

The potential damage of ransomware in hospitality was first noted in the mainstream news back in 2017 when luxury Austrian hotel Romantik Seehotel Jägerwirt became the victim of an attack that targeted its key card systems. Depending on the location of guests at the time, many were either locked out of or into their rooms for up to ten hours. Several ransomware incidents in recent times have targeted hospitality companies and made media headlines. Here are four of them worth learning from. 

Techotel, June 2021

In June 2021, an interesting ransomware incident hit hotel management software provider Techotel. The Denmark-based company provides IT solutions for hotels, inns, conference centers, hotel chains, and restaurants. The ransomware attack impacted the ability to conduct normal check-in and check-out operations at hundreds of hotels. 

The intrigue here stems from the fact that Techotel essentially live-blogged its response to the incident, including details of ransom negotiations with the perpetrators. With 250 servers and their data locked down, the company tried to pay the ransom via bank transfer, which was refused because the perpetrators wanted the anonymity provided by cryptocurrency. 

According to Techotel CEO Klaus Ahrenkilde, the size of his company left no choice but to pay: “We cannot break the encryption. We are a small company, with hundreds of hotels affected.” Shockingly, it still took up to a month for the restoration of data to be complete and for Techotel’s software to become functional again. 

Epsilon Red, May 2021

Epsilon Red is not the name of a hospitality organization targeted by ransomware—it’s a new ransomware strain uncovered by investigating a cyber attack on an unnamed hotel. According to the investigation, this new ransomware strain resulted in a payment of 4.29 Bitcoin on May 15th, 2021, which at the time was worth over $200,000. 

The discovery of any new ransomware strain is always a cause for concern. This particular attack used Microsoft Exchange servers as an initial entry point before executing a PowerShell script to set the foundation for the final payload that infected multiple systems. It’s worth keeping a close eye on news headlines over the coming months for further incidents involving this dangerous new ransomware strain. 

Edward Don, June 2021

Edward Don is a leading distributor of food service equipment and supplies. This equipment includes kitchen supplies, bar supplies, and dinnerware that many hospitality companies depend on to service customers. The ransomware attack on Edward Don impacted phone and email systems, which resulted in employees having to use personal Gmail accounts to communicate with partners and vendors about urgent orders. 

The Edward Don attack demonstrates another way that ransomware can severely impact hospitality businesses without directly hitting their IT systems. A new restaurant depending on an urgent delivery from Edward Don may not have even been able to open their doors if this attack delayed their order. As with many other sectors, the supply chain is also a point of vulnerability worth considering in your operational and IT security plans.  

CWT, July 2020

US-based travel management company Carlson Wagonlit Travel (CWT) became the victim of a devastating ransomware attack in July 2020 that rendered up to 30,000 computers unusable. 

The ransom note indicated that the particular type of ransomware was Ragnar Locker, which affects devices running Windows, the world’s most widely used operating system. Ragnar Locker uses a double extortion technique wherein attackers exfiltrate data and threaten to publish it on the dark web if the victim doesn’t pay up. The Ragnar Locker file is only 55 kilobytes in size, yet its impact is vicious. News reports in the aftermath of this attack indicated that CWT paid $4.5 million to get encrypted systems back and avoid having stolen data published online.  

Ransomware Prevention Tips 

Taking a reactive approach to ransomware is a risk that hospitality companies can’t afford to take. Aside from the recovery costs, the direct reputational impact of a customer data breach pushes customers toward competing firms that they deem less risky. Here are some ransomware prevention tips for hospitality companies to consider:

  • Adopt a security-first culture among all your staff that educates them on basic cybersecurity best practices, spotting different types of attacks, and reporting incidents. 
  • Make sure everyone is aware of the dangers of phishing emails, which often provide an entry point for ransomware attacks by fooling recipients into clicking links or downloading files. Protect against these phishing emails using dedicated security solutions that can filter them out. 
  • Update all software and operating systems in a timely manner, including POS software. Many ransomware attacks start by exploiting unpatched software vulnerabilities, so proper patch management is a quick win in your defenses. 
  • Implement prudent access controls so that employees don’t get too much access to different information systems. The principle of least privilege means giving access to only those assets strictly needed to perform job duties. To use an example, don’t give your barman admin access to a POS system.
  • Be wary of IoT threats. An increasing number of hospitality businesses use Internet-connected devices, such as smart televisions and coffee makers in hotels, and temperature sensors in commercial kitchens. Secure these devices properly by not using default passwords and by applying updates when they are available. A recent cybersecurity conference featured a presentation in which a security researcher easily hacked a capsule hotel by exploiting IoT flaws. 
  • A comprehensive data backup and business continuity strategy is as much a preventative defense as it is reactive. If you can easily restore your data and swiftly resume critical business operations by temporarily using cloud infrastructure, you’re already well-prepared for successful attacks when they occur. For smaller hospitality companies, engaging with a security services provider can provide the expertise needed to develop a robust business continuity plan. 

 

Wrapping Up

Malicious ransomware groups will continue to try and exploit the networks of hospitality companies partly because there’s still a prevailing perception that this sector is less cyber aware than, say, finance or healthcare. It’s critical to start preparing for ransomware attacks today and adopt prevention strategies whether you run a hotel or a small local restaurant chain. Even if a perception of weakness wasn’t there, ransomware would still be a threat due to the volume of sensitive data that hospitality businesses store in their systems.  

