Ransomware Seizes Control Of Electronic Lock System In Austrian Hotel

Roland Moore-Colyer,

The cyber attack highlights how digital malware can make its presence known in the physical world

In one of the more unusual cyber attacks, ransomware nearly brought chaos in an Austrian hotel after it infected the computers controlling the electronic key lock systems.

According to Austrian news site ORF, the Romantik Seehotel Jagerwirt, a four star hotel in the Austrian Alps popular with skiers, had become infected with ransomware for the third time at a time when it was booked to capacity with 180 guests.

Hotel hack attack

ransomwareThe ransomware seized control of the hotel’s reservation, cash desk, and electronic lock systems and demanded the sum of two Bitcoins, some 1,500 Euros (£1,280), in order for the hackers to release the systems from the ransomware’s control.

While the locking systems was disabled, it did not trap any guests in or out of their rooms, as the fire safety regulations require electronic key locks to open from the inside and the ransomware caused the locks to shutdown completely meaning people could get into their rooms, and potentially the rooms of other guests, from the outside.

Rather than attempt to overcome the ransomware, the hotel’s management opted to pay the Bitcoin ransom and gain back control over their systems before the guests became suspicious that something was not quite right.

However, once the ransom was paid a fourth attack was aimed at the hotel, but systems had been taken offline to prevent a repeat situation.

The hotel management has now decided to return to more traditional lock and key mechanisms in order to avoid such hack attacks in the future.

The rise of ransomware is almost unstoppable, and while there are ways to avoid getting infected with such malware, the attacks are becoming more sophisticated and are targeting all manner of organisations including the NHS, an organisation already beleaguered with outdated computers and budget cuts that would prevent it from paying out big ransoms.

Some organisations opt to wipe their systems rather than be extorted by hackers, such as the St Louis libraries authority, which choose to lose data across 17 of its libraries rather than pay cyber criminals a hefty £28,000.

Such is the threat, disruption and extortion brought on by ransomware, it comes as no surprise that researchers are exploring new ways to tackle the malware.

Quiz: Are you a security pro?