Austrian hotel experiences ‘ransomware of things attack’

Toward the end of 2016, ESET senior security researcher Stephen Cobb expressed concern about the possible mingling of three different types of system abuse: holding computer systems and data files hostage (ransomware); denying access to data and systems (DDoS); and infecting the Internet of Things (IoT) with malicious code.

He hypothesized that in 2017 we would likely see instances of jackware, whereby cybercriminals not only encrypt IoT devices, but also ask for a payment to be made in order for access to be restored to the user. “Think of jackware as a specialized form of ransomware,” he said. “As a malicious software that seeks to take control of a device [whose] primary purpose is neither data processing nor digital communications.”

Only one month into the new year, and it appears that we may well have our first example jackware in 2017. According to The Local, which first revealed the story, the four-star Austrian hotel Romantik Seehotel Jaegerwirt found itself the victim of a ‘ransomware of things attack’, one that bears all the hallmarks this new threat.

Cybercriminals were able to compromise the hotel’s electronic key system, as well as all of its computers. At first it was wrongly reported that guests were locked in their rooms. Speaking to Motherboard, Cristoph Brandstaetter, owner of Romantik Seehotel Jaegerwirt, confirmed that this was not the case. When the incident took place, all 180 guests that had already checked in were still able to get in and out of their rooms “because the owners were able to open the doors with their internal system, which wasn’t networked with the infected computers”.

Where the problem lay, Brandstaetter explained, was in the hotel’s ability to be able to issue new cards to new guests, subsequent to the ransomware attack. With the local authorities supposedly unable to offer suitable and speedy assistance, the owner felt he had no other choice but to give in to the demands of the cybercriminals. Approximately $1,603 in bitcoins were handed over.

This worked. The individuals behind the incident restored access to the electronic key system, as well as to all of the computers at the hotel. While this was welcomed, Brandstaetter felt as though this was not the end of it. Convinced the cybercriminals had left a backdoor in the system, he decided to update the existing security system, as well as all of the infected computers.

Interestingly, he is now looking at “old fashioned” security methods as a suitable solution to this new, technological threat that exploits connected devices. “With our next modernization, we are planning to change the key system so that we go back to old, normal keys,” he told Motherboard.

What this story reveals is that cybercriminals are keener than ever to deploy ransomware attacks, that they are willing to target anyone and everyone – even schools are not immune to this threat – and, in an ever-connected world, to hit, in particular, IoT devices in even greater numbers.

There is still room for optimism. Cobb, while frank about the challenges posed by jackware, concluded his expert piece on a positive note: we are, in even greater numbers, becoming aware of the risks associated with, for example, IoT devices, and coupled with industry efforts to develop solutions – and even government participation in bolstering security in this area – leaves a lot to be upbeat about. However, in the interim, vigilance is required. There are plenty of vulnerabilities waiting to be exploited.

For more on the ransomware of things, see Cobb’s expert piece. The full Trends 2017 paper can be found here.

Author , ESET

Follow us

Copyright © 2017 ESET, All Rights Reserved.