Hotel chain switches to Chrome OS to recover from ransomware attack

A Scandinavian hotel chain that fell victim to a ransomware attack last month said it took a novel approach to recover from the incident by switching all affected systems to Chrome OS.

Nordic Choice Hotels, which operates 200 hotels across Northern Europe, fell victim to a ransomware attack on December 2, when hackers encrypted some of its internal systems using the Conti ransomware strain.

The attack prevented staff from accessing guest reservation data and from issuing key cards to newly arriving guests, as one of the hotel's guests told The Record in an interview last month.

Hotel chain uses CloudReady to migrate affected systems

But in a press release today, Nordic Choice said that instead of contacting the hackers and negotiating a ransom for the decryption key that would have unlocked the infected devices, the hotel chose to migrate its entire PC fleet from Windows to Chrome OS.

"[I]n less than 24 hours, the first hotel was operating in the Chrome OS ecosystem from Google. And in the following two days, 2000 computers were converted all over the company consisting of 212 hotels in five different countries," the hotel chain explained.

For the migration process, Nordic Choice said they used a tool called CloudReady, which can prepare and port old Windows and macOS computers to Chrome OS setups.

Kari Anna Fiskvik, VP Technology at Nordic Choice Hotels, said the hotel had already run a pilot program to test the tool before the attack as a way to save money by reusing old computers with a less-demanding OS.

"So when we suddenly had to deal with the cyberattack, the decision to go all in and fasttrack the project was made in seconds," Fiskvik said.

Nordic Choice said it plans to migrate another 2,000 computers to Chrome OS, on top of the 2,000 it migrated during the attack.

The hotel chain said it expects to save 60 million NOK ($6.7 million) by converting old computers to Chrome OS instead of buying new hardware.

The incident marks a novel approach to dealing with ransomware attacks, most of which typically end in one of three outcomes: (1) the victim pays the hackers and restores systems, (2) the victim restores from backups, or (3) the victim wipes and reimages systems from scratch.

Some of the hotel chain's data was leaked online

As for the hackers behind the attack, seeing that they would not get paid, the Conti group leaked some of the files they stole from the hotel chain's network on a "leak site" they operate on the dark web.


According to Nordic Choice, this data may contain hotel guest names, email addresses, telephone numbers, dates of the visit, and any information the guests may have provided in connection with their visit.

"There is no indication that card or payment information has been leaked," the hotel chain said last month.

Catalin Cimpanu is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.