What the WannaCry hack teaches hotels about data

This weekend, more than 300,000 computers across more than 150 countries were stricken with ransomware, dubbed "WannaCry" by its creators. With this year's HITEC conference just around the corner, the event brings to mind a simple but crucial bit of advice from a panel last year on combating hackers and data thieves: Don't pay the ransom.

It may be too little, too late at this point, but if you had spoken with any technology security expert in the past two years, he or she would have told you the hospitality industry, and the U.S. at large, was overdue for a large-scale ransomware attack. Ransomware, for those not in the know, is a virus uploaded onto a device that locks it down and demands payment to the hackers in charge. If no payment is delivered, they threaten to delete all the data from the systems under their control.

So who is at fault for the WannaCry debacle? It's difficult to say, but currently Microsoft and the U.S. National Security Agency are playing the blame game. The WannaCry virus spread through business networks due to a vulnerability in Microsoft's Windows operating system, and Microsoft is claiming the NSA lost control of the software behind WannaCry in April. Meanwhile, the NSA and many Windows users claim it is up to Microsoft to ensure its systems are protected against attacks.

However, Microsoft did release an update protecting users against WannaCry in March, more than a month before the outbreak. So how was the attack so successful? Last year at HITEC, Caleb Hurd, hacker and senior developer for children's website Elf on the Shelf, said too many companies fail to update their computers' security on a consistent basis, and that any missed update is a potential vulnerability. What's more, many companies are still using outdated operating systems such as Windows XP or Vista, which receive irregular security updates at best (Microsoft had to whip up a new update for XP users this week in the face of WannaCry, for example).

Furthermore, avoiding ransomware is tricky. In fact, it's so tricky that one malware file was able to hit 57,000 computers at once, and it can masquerade as the familiar file types users send for business-related reasons, such as .zip, .jpg or .doc. The best-case scenario for companies with infected machines is to have a recent data backup on hand, stand their ground and wipe their machines. Unfortunately, frequent data backups rarely occur and companies are often left high and dry.

Don't pay ransom; it emboldens hackers and doesn't guarantee your data will be returned to you.

So if your hotel is hit with ransomware and you risk losing all your information without a backup available to you, why not pay?

For one, ransomware is perpetrated by criminals, so there is no promise that control of your systems will be returned to you even if you pay.

"I very much doubt anyone would return your contact request, bearing in mind the attention that is now on this," professor Alan Woodward from the University of Surrey told the BBC in a statement. "If anyone pays this ransom they are more than likely going to send Bitcoin that will sit in an address for ever more. No point."

Second, every successful payment only serves to embolden future hackers. If 57,000 computers seems like a lot, it's only a drop in the ocean compared to the number of currently vulnerable systems out there. And for businesses looking to remove WannaCry manually, a process does exist via BleepingComputer, but getting rid of the malware won't restore access to encrypted files, meaning anything locked up by WannaCry before backing up is still out of reach.

This event outlines the biggest threat hotels face with regard to growing data: The need for consistent backups. With every new hack comes a new level of sophistication, and unfortunately a new hack can always be expected in the future. This is because, as WannaCry has proven once again, hackers are more eager to access our files than many of us are to keep them out.
