A ransomware infection has wreaked havoc at Romantik Seehotel Jägerwirt, a four-star hotel in the Austrian Alps, on the lip of the Turracher Höhe mountain lake.
The incident took place earlier this month and hit the computer managing the hotel’s electronic key lock system, reservation system, and the cash desk system, according to local media.
As a result, the electronic door locking system went down, new electronic room keys couldn’t be issued, and new arrivals couldn’t be confirmed as guests.
Nobody got locked in their rooms
Fire code regulations all over the globe mandate that electronic key locks to open manually from the inside, which means no guest was locked inside their rooms. Additionally, electronic key systems are also created to handle power failures, so there was a way to open the doors from the outside, meaning no one was locked out either.
According to Austrian news site ORF, the hotel was fully-booked with 180 guests. According to hospitality news site Allgemeine Hotel- und Gastronomie-Zeitung, at the time the ransomware took root, all the hotel’s guests were on the local ski slopes.
The hotel’s management, opted to pay the ransom, which was 2 Bitcoin, around €1,500 ($1,600) at the time, both sources reported.
Hotel manager plans to replace “smart locks” with “classic locks”
“We were hacked, but nobody was locked in or out,” said the hotel’s Managing Director Christopher Brandstaetter. “For one day we were not able to make new keycards.”
“Since the locking system must work even in the event of power failure, the guests in the hotel almost did not notice the incident,” the manager also added. “We simply could not issue new keycards because the computers were encrypted.”
Brandstaetter said the hotel plans to replace the electronic key system with classic keys in the upcoming future.
According to Brandstaetter, shortly after the ransomware incident, someone tried to infect the hotel once more, but they took their systems offline.
Last week, the police department in Cockrell Hill, Texas admitted to losing years worth of evidence in a ransomware incident. The department decided not to pay and wipe computers, losing all the data along the way.