So far, the Conti ransomware has not demanded any ransom or published any details of the ransomware attack on their official website.
A popular Scandinavian hotel has confirmed becoming a victim of a targeted cyberattack from the Conti ransomware gang. It is worth noting that Nordic Choice has branches around 200 locations in Finland, Scandinavia, and the Baltics with brands like Comfort, Clarion, and Quality.
About the Attack
The attack reportedly occurred last Thursday, on 2 December. As per Nordic Choice’s press release, the incident impacted its IT systems. Nordic Choice Hotel’s press release didn’t mention any issue with room keys, but the hotel management revealed that its systems were hit by Conti ransomware.
The scope of the attack was expanded to Nordic Choice Club members and currently staying guests at the hotel. A guest staying at the hotel posted on Twitter that the hotel staff was personally escorting guests to their rooms as the key cards weren’t working. This indicates that the incident impacted the hotel’s guest reservation and room key card systems.
Turns out the hotel I’m staying at is affected by ransomware and my key card doesn’t work. 🙃 pic.twitter.com/F4dYa9iQ8q
— Runa Sandvik (@runasand) December 5, 2021
Furthermore, the hotel claims members may find it difficult to log in to their Nordic Choice Hotels accounts to manage or book reservations, apply reward points, and may have to book stays without logging in.
What Information was Leaked?
The leaked data may consist of “name, email address, telephone number, date of the visit and any information the guest may have provided in connection with their visit.” According to Nordic Choice Hotels representative, there is no evidence to believe that passwords or payment data were exposed or obtained.
“Our investigations do not currently give any indication that data has been leaked, but we can’t guarantee that is the case. Therefore, the incident entails a risk that information about the guests’ bookings may be lost,” the hotel’s press release stated.
The rep claims that guest booking-related information could have been leaked due to which guests currently staying at the hotels had to wait for a longer period at check-in. “The hotel systems that handle reservations, check-in, check-out, and creation of new room keys” were impacted in the incident, hotel claims.
Conti Didn’t Make A Ransom Demand.
Nordic Choice hotels have implemented replacement solutions at most of their hotels for smooth maintenance of hotel operations and notified Norwegian authorities (the Norwegian Data Protection Authority and the Norwegian National Security Authority) the same day the incident occurred. The hotel has also informed current, previous, and future guests about the risk of data theft.
“We do not know for sure yet, but since we see that there may be a risk that such information is leaked, we choose to inform about it now so that our guests can be extra alert to any suspicious text messages, phone calls, or emails,” the press release read.
Moreover, the hotel authorities stated that they hadn’t yet tried to contact the attackers, and they also haven’t contacted the firm or made a ransom demand as yet.
Conti gang has targeted many organizations this year, including a large-scale attack on the Health Service Executive of Ireland and Broward County Public Schools in the USA, where they made an outrageously high ransom demand of $40 million.