27 February 2019, Hackers execute ransomware attack on hotel in Lucknow, India

15 March, 2019 Hotel Attacks

The Times of India on 11 March reported that hackers attacked a hotel in Lucknow, India, with ransomware. Police say it is the first such attack on a hotel in the city’s history.

At 11:45 pm on 27 February 2019, hackers breached the computer system of The Piccadily Lucknow, a five-star hotel. Prateek Dubey, a cyber security specialist, said the hackers used a phishing tactic to gain access to the hotel’s computer system. Then they installed malware that encrypted the hotel’s computer data, which also blocked staff from accessing it.

As hotel staff tried to figure out what was wrong, a ransom message popped up on their computer screen, which said, “Oops, your important files are encrypted.”

Staff ignored the message and rebooted their computer system, which then crashed.

Ideal News says the next day, unknown persons from London called the hotel four times and asked staff about the cyber-attack, and then offered to help remedy the situation.

Later, a software engineer investigated and found ransomware on the hotel’s computer system, at which time another message popped up demanding Bitcoin payment, amount unknown, in exchange for releasing control of the hotel’s files. The message also offered an email address, so hotel staff could facilitate payment to the hackers.

On 9 March, Jitendra Kumar Singh, finance controller of The Piccadily Lucknow, contacted the police cybercrime unit, which continues to investigate.

Right after this, the London callers telephoned the hotel two more times, inquiring about the attack and offering help.

At present, the police are attempting to trace the IP address of the hackers and think they might be based in London. To them, the six calls from London seem like a “lure”, or possibly an attempt by the hackers to reach out to the hotel and collect their money.

Ideal News says that the hotel’s compromised data consists of seven years of billing, inventory, and accounting files.

There are four takeaways here. First, hotels are common targets of cybercrime, as demonstrated by numerous articles and reports: see postings here (Wyndham, 2010), here (Holiday Inn and Renaissance/Marriott, 2014), here (Hyatt, 2015), here (Romantik Seehotel Jaegerwirt, Austria, 2017), and here (Starwood/Marriott, 2018). This is a limited sample.

Second, because of the commonality of the threat, hotels need to take precautions against phishing attacks, one of the most common, if not the most common, types of cyber tactics used against businesses and individuals around the world.

This requires regular training based on cybercrime case studies and statistics, and it needs to be kept current because phishing attacks are becoming more sophisticated at an alarming rate. For example, it is common for phishing emails to perfectly mimic popular social media websites, presenting friend or business connection requests that require the victim to log on to the site even though they are already logged on.

Third, once a ransomware attack happens, hoteliers should contact the authorities immediately. The sooner law enforcement can begin investigations, the sooner asset tracing and recovery (if possible at all) and tracking of the attackers can begin. Additionally, if cybercriminals are not hunted by law enforcement, they will not curb their activities.

Fourth, hotels should, at the very least, apply basic cyber defenses to blunt cyber attacks of all kinds. Firewalls, virtual private networks (VPNs), secure WiFi, robust point of sale networks, intrusion detection, and data backup systems are all necessary in the current cyberthreat environment.

Sources and further reading:

“London link in Lucknow hotel cyber attack,” Ideal News, 14 March 2019.

“‘Ransomware’ attack on Lucknow’s 5-star hotel, cyber-cell grapples for clues,” The Times of India, 11 March 2019.

Copyright © Muir Analytics 2019