Don’t be like Baltimore
Don’t be like Baltimore
24 MAY 2019 7:22 AM

Although not as prevalent an attack as hackers looking to steal guests’ personal information, recent news about ransomware should motive hoteliers to test their security.

As you might have seen in recent headlines, hackers are holding the city government of Baltimore hostage. They’re doing it to Greenville, North Carolina, too.

In both cases, hackers are demanding money to restore the cities’ access to crucial computer systems. In Baltimore’s case, those systems handle voicemail, email, a parking fine database as well as the ability for residents to pay water bills, property taxes and parking fines, The New York Times reports.

It doesn’t appear that hackers specifically set out to hold these cities’ computer systems hostage in particular, the article states. Rather than a targeted attack, it appears this was more opportunistic. The hackers using this piece of malware, known as RobbinHood, likely scanned online systems looking for vulnerabilities they could exploit.

In other words, someone used a program to poke at the walls of these cities’ computer systems, looking for holes and cracks it could get through. When it found a way in, that’s when they struck. It could have been any city with certain vulnerabilities.

In these instances, the hackers went after cities with their ransomware. It’s within the realm of reason that they could easily have targeted commercial industries instead, such as say, just for example, the hotel industry. While hotel companies more often see cyberattacks in the form of data security breaches, in which hackers try to gain access to guests’ personal information through point-of-sales systems and reservations systems in order to steal and sell it, hotels are no stranger to ransomware.

Do you remember the headlines from 2017 about a hotel in Austria that was the victim of ransomware? The one in which hackers attacked the hotel’s key system and locked everyone in or out of their guestrooms? The news about that cyberattack certainly got a lot of attention, even though it didn’t actually happen the way so many reported it. The attack prevented hotel staff from programming new key cards and did nothing to the locks on the guestroom doors. The hotel staff decided to switch to more traditional keys to prevent this from happening again.

Regardless, an attack and taking any of a hotel’s systems hostage is potentially incredibly disruptive. It could halt operations, prevent a hotel from taking new reservations, prevent it from checking guests in or out or any number of ways that would interrupt the regular flow of business.

The good news is that in most ransomware attacks, the hackers don’t actually care about guest data. They’re looking to interrupt enough business that will frustrate those in charge to pay the ransom to free up the systems. Depending on how much the hackers are asking for, it might seem tempting to pay the ransom to resume being able to conduct business.

The bad news is, well, a bunch of things, actually. The first thing is that it means the hotel is going to lose money. It will lose money through the actual business interruption as well as if the hackers walk away with any ransom. The other thing is that it means the hotel’s security wasn’t quite secure enough.

There’s also the possibility the hackers could decide to leave the systems locked up, or even destroy information, regardless of the outcome. Although they might promise to restore everything after receiving the ransom, you can’t exactly trust thieves.

So what should hoteliers do? It’s probably a good time to double-check with your IT folks about setting up some tests of your security systems. Hire a third-party company to come in and probe for weaknesses in your defenses similar to how these cities’ were likely scanned. The difference this time, of course, is the company you hired will let you know where there are problems so you can fix them. Hackers would do the same, but they’ll tell you about it after they’re holding your systems hostage.

How often do you test your cybersecurity? Do you think ransomware might become more prevalent? Let me know in the comments below or reach out to me at or @HNN_Bryan.

The opinions expressed in this blog do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Bloggers published on this site are given the freedom to express views that may be controversial, but our goal is to provoke thought and constructive discussion within our reader community. Please feel free to comment or contact an editor with any questions or concerns.

1 Comment

  • Tim June 14, 2019 9:44 AM Reply

    Great article Bryan.

    You're right. In a ransomware attack the bad actors are in it for the money. They know how to leverage your data for payment. The hard reality is only 25% of the victims who pay the ransom are successful in getting their files unlocked.

    The bad actors are very good at finding blind-spots and exploiting them. Testing your defense strategy on a regular basis is mission critical.

    Find your blind-spots before the bad actors do. It could save over 10x's the cost of protection.

Comments that include blatant advertisements or links to products or company websites will be removed to avoid instances of spam. Also, comments that include profanity, lewdness, personal attacks, solicitations or advertising, or other similarly inappropriate or offensive comments or material will be removed from the site. You are fully responsible for the content you post. The opinions expressed in comments do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Please report any violations to our editorial staff.