Hotel chain Nordic Choice Hotels got attacked by the Conti ransomware

January 15, 2022
Nordic Choice Hotels Cyberattack Conti Ransomware Malware Norway Extortion

The Conti ransomware group reportedly attacked a Scandinavian hotel chain, Nordic Choice Hotels, which impacted their guest reservation and room key card systems. Despite the reports, the passwords and payment data of the hotel chain have not been affected. Experts said that the guest bookings data were leaked.

Nordic Choice Hotels is headquartered in Norway that employs more than 16,000 staff members. The firm also has 200 locations all over Finland, Scandinavia, and the Baltics.

The hotel chain announced to the public that their IT systems were breached by a computer virus that caused their hotel staff to lose access to the hotel’s reservation systems. The compromised reservation systems manage the guests’ check-in, check-out, bookings, and payment transactions.

Because of the incident, the staff of the hotel chain was forced to operate on manual procedures to carry out usual business, but they advised their guests that there would be delays to expect. Members of the hotel chain were also unable to login into their accounts to book or manage their reservations or apply their reward points. Nonetheless, they could still book without logging in.

The hotel chain also confirmed that the ransomware incident had reached the Nordic Choice Club members aside from their current hotel guests.

 

Since the hotel chain decided not to contact the Conti ransomware group, their ransom demands were not discussed.

 

The same day of the attack, Norwegian authorities had been alerted, including the Norwegian Data Protection Authority and the Norwegian National Security Authority. According to the hotel chain’s release, despite not detecting any data leak, it is not guaranteed that no sensitive data has been exposed, such as the guests’ booking information.

The booking information of the guests include names, email addresses, contact details, visit date, and all information related to the guests’ visit. Nonetheless, there is no proof that financial or payment transaction details are leaked.

Security experts who analysed Conti ransomware’s data leak pages have not found details related to the hotel chain. Therefore, it could mean that their attack might be in the initial stages, and there were no negotiations yet.

The Conti ransomware operates as a private Ransomware-as-a-Service (RaaS) group controlled by Wizard Spider, a notorious cybercrime group from Russia.

About the author