Ransomware locked hotel out of its electronic key lock system

Guests at a luxury hotel were locked out of their rooms until the hotel paid the ransom

A 4-star hotel in the Austrian Alps, the Romantik Seehotel Jaegerwirt, admitted to bowing to extortion after ransomware locked up the computer running the hotel’s electronic key lock system.

This was not the first time cyber thugs attacked the hotel. During one of the attacks, the hackers reportedly left a backdoor into the system.

The third attack occurred during the opening weekend of the winter season. The computer hit with ransomware controlled the electronic key lock system, the reservation system and the cash desk system.

Guests, who paid about nearly $300 a night for a room, could not open their rooms with their existing keycards, and new keycards could not be programmed. Arriving guests also couldn’t have their reservations confirmed.

Christoph Brandstaetter, the managing director of the 111-year-old hotel, told The Local, the hotel opted to pay the ransom.

“The house was totally booked with 180 guests; we had no other choice. Neither police nor insurance help you in this case,” he said.

The hotel decided “it was cheaper and faster” to cough up the ransom.

After the attackers received the ransom, roughly $1,600 ($1,500 euros), they unlocked the computers so the hotel could function again. That seems like a rather low ransom demand for a luxury hotel, with a translated version of RT Deutsch reporting the amount was “1.5 million euros in Bitcoin.” Most outlets report the amount paid earlier this month was $1,500 euros.

Brandstaetter claimed that other “colleagues” – assuming this means hotels – have also suffered ransomware infections and paid the ransom. The Romantik Seehotel Jaegerwirt decided to go public about the attacks to raise awareness. It believes more should be done about cybercrime, as this type of attack isn't going away anytime soon.

“The restoration of our system after the first attack in summer has cost us several thousand euros,” Brandstaetter added. “We did not get any money from the insurance so far because none of those to blame could be found.”

The hotel has allegedly been hit with ransomware four times, the last happening one day before a new firewall was to be installed. The hotel responded by taking their systems offline and replacing all the computers in the hotel.

Bye-bye, smart locks. Hello, old-fashioned keys.

Furthermore, the next hotel upgrade will actually include a technology downgrade, as the hotel will go “back to the technology-less age.”

Brandstaetter said, “We are planning at the next room refurbishment for old-fashioned door locks with real keys. Just like 111 years ago at the time of our great-grandfathers.”

Copyright © 2017 IDG Communications, Inc.

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!