Austrian hotel ditching keycards after being hit by hackers

Romantik Seehotel Jaegerwirt

An Austrian luxury hotel says it’s ditching electronic room cards for old-fashioned locks and keys after having its systems frozen by blackmail-hungry hackers. The Romantik Seehotel Jaegerwirt, in the Austrian Alps, said that one recent infection with ransom software resulted in the complete shutdown of hotel computers.

The husband and wife management team said they were forced to pay roughly 1,500 euros (nearly $1,600) worth of electronic currency to restore their network.

“When the hackers got the money, they unlocked the computers, making them all run as normal again,” hotel co-manager Christina Brandstaetter said in a written statement, reports SF Gate.

The story of the hotel's hack was widely shared after several publications incorrectly reported that the ransomware resulted in guests being locked into or out of their rooms. But Brandstaetter said that the infection only resulted in new guests being unable to get keys to their rooms for “a couple hours.” New arrivals were treated to champagne and went skiing or hiking in the meantime, she said.

Tim Erlin, senior director of IT security and risk strategist for cyber security firm Tripwire, said that ransomware not only requires backups of data — it also requires a backup plan for the services affected.

“Welcome to the Internet of Things,” he said. “Connected devices provide incredible convenience, but they also provide new opportunities for compromise. Locking up computer systems may be a significant inconvenience for a hotel, but locking doors could affect guest safety. In order to be prepared, you need to have a service plan for the duration of an outage while you restore systems.”

Cybercriminals are still targeting the hotel, Brandstaetter said. The spate of electronic intrusions has prompted the hotel to upgrade and compartmentalize its network. Most dramatically, she said the hotel would eventually return to the lock-and-key system "as in times of our grandfathers."

Ransomware infections are growing at a galloping rate. Last year, European police agency Europol said it had eclipsed other forms of online theft. Officials are trying to put a stop to ransom payments, but they're up against powerful incentives to give in — and the notion that everyone else is, too.

Victims of this type of crime typically receive an email with a link or attachment that contains software that encrypts files on their computer and holds them hostage until they pay a ransom, reports the New York Times. Many of the hackers who carry out such attacks operate in Russia and Eastern Europe, according to the police, and often demand a ransom in bitcoin, a digital currency that is hard to trace.

“Ransomware is becoming a pandemic,” said Tony Neate, a former British police officer who investigated cybercrime for 15 years. “With the internet, anything can be switched on and off, from computers to cameras to baby monitors.” Still, he added, “hacking a hotel and locking people out of their rooms is a new line of attack.”