Late November last year, San Francisco subway passengers were welcomed by free rides. The free rides were provided by the municipal transport agency but not exactly at will. Instead, they were forced to take the ticketing machines and gates offline to avoid causing trouble to commuters after their systems were infiltrated by hackers for 1000 bitcoin ransom.
Cybercriminals often target organisations where more is at stake and there is a possibility to exert pressure to get money. In a similar attack, Romantik Seehotel Jaegerwirt, a 4 star hotel in Austria was forced to pay thousands in Bitcoin ransom to cybercriminals who attacked their systems and locked many guests out of their rooms.
The hotel management shares that they decided to go public with the news to highlight the potential threats and warn others of the danger. They want to see more done to tackle the criminals as the hotel industry continues to increase dependence on technology to boost guest experience.
The hotel was attacked for the third time and the attackers managed to take down the entire key system preventing guests from entering their rooms and new keys being programmed. At the opening weekend of the winter season and full occupancy, the hotel was left with no option but to pay in that situation. Insurance company couldn’t help either. Of course that got the attackers to circle back but the hotel had upgraded the systems after bringing in experts to fix the vulnerabilities.
A significant increase was registered in ransomware attacks over last year and it is quite probably that many organisations didn’t reveal the incidents for obvious reasons. The increase in number of victims that pay and don’t report to avoid negative PR have also shifted more cybercriminals in the arena. While that is not the case here, higher number of connected devices is also to blame for new cybersecurity threats. IoT has long been tagged as the next big thing but ubiquitous data collection and hardware challenges can pose threat. Major tech companies are pushing for high security standards but you can’t really do much about the tech that was deployed before identifying the challenges. It is crucial for the organisations to invest resources to identify the challenges and prepare before they are cornered into doing so. It is good that the hotel decided to go public with the news and it should serve as a wake-up call for others.
Also read: The internet of malignant things
