Romantik Seehotel Jägerwirt, a luxury lakeside hotel in the Austrian Alps, has announced that it was forced to pay thousands of dollars in Bitcoin after it was hit with a ransomware attack last week. The story, first reported on Saturday in Europe's English-language digital news service, The Local, claimed that the attack had left hotel guests locked in their bedrooms until the ransom was paid.
"This is totally wrong," hotel owner Cristoph Brandstaetter told Motherboard. "It was just a normal cyberattack and no guests were locked in."
Ransomware is a type of cyberattack where data on a user's computer is encrypted and the computer essentially becomes useless until a ransom is paid to the attacker, usually in a cryptocurrency such as Bitcoin. Whether or not the attacker will actually unlock the computer after this ransom is paid is a matter of chance.
According to Brandstaetter, the ransomware attack had locked the hotel out of all of its computers until a €1500 ($1600) fee was paid to the attackers. At the time, the hotel was at capacity, but all 180 guests who had checked in prior to the cyberattack were able to get in and out of their rooms because the owners were able to open the doors with their internal system, which wasn't networked with the infected computers.
The main problem, according to Brandstaetter, was the hotel was unable to issue new key cards to guests who arrived during the 24 hours that the hotel's reservation system was down. Ultimately, Brandstaetter was forced to pay the ransom after failing to secure help from the police.
"The police told us that we are one of many companies hacked recently," Brandstaetter said. "They are trying to figure out who made the cyberattack."
Although the hotel's computer systems were restored after the ransom was paid, Brandstaetter suspected the attackers had left a backdoor into the system and would attempt another ransomware attack. He was unable to confirm this, however, because "nobody, not even the police, found the backdoor." Still, Brandstaetter worked with a cybersecurity company to update their security systems and replaced all the computers that were affected by the attack.
But even though Brandstaetter is confident in the hotel's new and improved cybersecurity measures, he wants to take the security measures a step further. "With our next modernization, we are planning to change the key system so that we go back to old, normal keys," he said.
Brandstaetter's description of the recent cyberattack on the hotel as "normal" is telling. This is the third time the hotel has been targeted by ransomware in under a year, a nuisance that cost the hotel thousands of dollars during the previous two attacks last summer.
The attack on the Romantik Seehotel is by no means extraordinary. According to a recent report from the security company Kaspersky, ransomware attacks increased threefold worldwide during 2016, which means a ransomware attack occurs about once every 40 seconds. While these attacks tend to target businesses, they've also been used to extort individuals like a NASCAR crew chief and even other ransomware developers. According to Brandstaetter, warning others about the increasing danger of ransomware is the reason he decided to go public about the attack on the hotel.
"We made it public because we have many colleagues and other companies who have had these cyberattacks," Brandstaetter said. "It's not just our hotel at all."