European hotel chain says ransomware attack limited by quick response

One of Europe’s largest hotel companies said it limited a recent ransomware attack before it could cause serious damage.

Motel One Group — a German chain that operates 90 budget hotels in 13 countries — told Recorded Future News that it was the target of a cyberattack in recent weeks but did not say when the attack occurred.

“The unknown attackers have gained access to internal systems of the hotel operator and tried to execute a so-called ransomware attack. Thanks to measures in place the impact could be reduced to a minimum,” a spokesperson said this weekend.

“The business operation of one of Europe’s largest hotel groups was never at risk. As part of the immediate actions a certified IT security specialist was involved, and we are cooperating with public investigation and data protection authorities.”

The spokesperson added that an unknown number of customers had their address data accessed alongside details for 150 credit cards. All card holders affected by the attack were informed.

The hotel did not respond to follow-up questions about claims made by the AlphV/Black Cat ransomware gang, which added the company to its leak site on Saturday morning and said it stole 6 TB of data that included all booking confirmation details from the last three years.

The hackers said that in addition to customer contact details, they obtained troves of internal documents.

The company released a press statement on Monday that mirrored much of what it told Recorded Future on Saturday. Located across Europe, the company opened its first hotel in New York City last year.

The AlphV/Black Cat ransomware gang has been in the news in recent weeks over its attack on another hospitality giant — MGM Resorts. Everything from slot machines to restaurant management systems was brought down by the ransomware gang.

Several reports in recent weeks have spotlighted a renewed focus by hackers on the hospitality industry, which captures a wealth of personal data about guests — the kind that can be attractive to cybercrime gangs and nation-state spies alike.

A recent report from cybersecurity company Trustwave on the hospitality industry found at least 59 ransomware attacks and that the top attack method involved credential access.

This summer, a Russia-based ransomware gang stole data from global hotel chain Radisson Hotels through a vulnerability in a popular file sharing platform. In January, hotel giant Hilton confirmed that some data was stolen from its systems.

Marriott said last year that hackers tried to extort the company after 20 GB of employee and customer data was stolen from BWI Airport Marriott in Baltimore. Marriott has faced multiple breaches over the last 10 years.

The most notable hospitality attack was a 2014 breach involving the personal information of 500 million hotel guests. The company is in the midst of one of the largest-ever class-action lawsuits because of the breach.

Meliá Hotels International, one of the largest hotel chains in the world, saw its operations crippled by a cyberattack in 2021.

State-sponsored cyber-espionage groups like DarkHotel, APT28 and the Rana Group specialize in cyberattacks targeting hotels and across the world.

One group, nicknamed FamousSparrow by researchers, was implicated in attacks on hotels in France, Lithuania, the U.K. Israel, Saudi Arabia, Brazil, Canada, Guatemala, Taiwan and Burkina Faso.