What does the medical industry fear more than anything else? Easy. Ransomware. But even though healthcare providers are extremely vulnerable to ransomware because of their large attack surface and sensitive data, they aren’t the only ones who should be afraid of it. One hotel in Austria found that out the hard way. In fact, the ransomware attack was so effective that the hotel is getting rid of the tech they relied on before the attack and going back to century-old technology that can’t be hacked.
Hotels have the same cybersecurity vulnerabilities that any business that processes transactions does. But there’s another vulnerability that most people never even think about, and once a hacker did it was so damaging that the victim hotel is going back to lock and key. The Romantik Seehotel Jaegerwirt is a hotel in Austria that had successfully fended off two cyber attacks before, but recently a third attack was successful. The hotel’s data was totally encrypted, including the key cards that let guests into their rooms. Guests could leave their rooms, but there was no way for them to reenter since the keycard system was down. Of course, the hackers offered to restore operations for the price of one Bitcoin. (around $1600)
At any other time, guests not being able to get back into their room would’ve been a huge problem. But the hackers struck just when the hotel opened for the winter season, meaning they were at full capacity. The management had no choice but to pay the ransom. Clearly, being hacked is bad. But it’s how you respond that determines how quickly you’ll recover. If you take nothing else away from this story, this is what you need to know. After the hotel paid the ransom the hackers restored their data, but that’s not all they did. They also left a backdoor so they could launch future attacks, which they soon did. Fortunately for the hotel, they’d updated their security systems so the attack was unsuccessful and the backdoor was closed.
Once you’ve been hacked, you’re at the mercy of hackers. Even after you’ve met their demands hackers will leech every nickel and dime they can out of you. In the case of the Austrian hotel, that meant more hacks, but in other ransomware cases, it could mean not giving the victim the decryption key until more money is sent or not giving it at all. And there is nothing you can do about it once they’re inside your network. The obvious solution is to never let them in, and while that’s easier said than done you can take simple steps to make sure you’re not the lowest hanging fruit.
One simple step you can take is to never assume that hackers have no reason to hack you. Whether it is because you’re a small business or you think there’s nothing for hackers to access, thinking they can’t hurt you is a major mistake. Most people wouldn’t think hackers could cripple a hotel and completely interrupt guests stays, but hackers found a way then and they’ll continue to do it in the future. No matter what industry in, if you’re a one-person operation or you employ 2,000 people, don’t be caught unprepared when hackers come snooping around. Recognize what data is vulnerable, back it up, and invest in whoever handles your cybersecurity. And never assume that a cyber attack can’t hurt you.
That way, no matter what time of year cybercriminals come knocking on your door (and they will) you can simply smile and go back to work. Anyone who uses a computer is vulnerable, and if you don’t recognize it you’ll be saying the same thing the hotel manger said. About paying the ransom, “We had no other choice. Neither police nor insurance help you in this case.”