Ransomware: Hotel pays out for a third time after hackers take over its electronic locks

Hotel plans shift back to conventional keys in response to a string of ransomware attacks

Hotel guests at a luxury resort in Austria were locked out of their rooms after it was targeted with ransomware by hackers, who broke into the organisation's electronic key system and disabled the electronic locking.

And the hotel is one of just dozens in the area that have been targeted in this way, according to its managing director.

The latest attack coincided with the opening weekend of the winter season when the hotel was fully booked, and forced the Romantik Seehotel Jaegerwirt resort in Austria to pay up the ransom of €1,500 in bitcoin in order to allow guests to return to their rooms, as well as restoring access to parts of the hotel that were also locked as a result.

Fortunately, a standard safety feature of the automated system meant that guests could leave their rooms, although they would've been unable to get back in while the systems were down.

Managing Director Christoph Brandstaetter told The Local: "The house was totally booked with 180 guests, we had no other choice. Neither police nor insurance help you in this case."

However, it was the third time that the hotel has been targeted in this way, prompting Brandstaetter to finally conduct a clean sweep of the organisation's IT - finding a backdoor that the attackers had used in order to return and demand more money.

"The restoration of our system after the first attack in summer has cost us several thousand Euros. We did not get any money from the insurance so far because none of those to blame could be found," he continued.

A fourth attempt, according to Brandstaetter, was foiled because of the IT security upgrades the organisation took following the third successful attack.

And to make sure it never happens again, when the hotel undergoes its next refurbishment Brandstaetter is planning to change the locks - to "old-fashioned door locks with real keys".

That's not as backward as it sounds with, for example, NHS trusts in the UK becoming magnets for ransomware, including Northern Lincolnshire and Goole NHS Foundation Trust just last year, while most businesses would simply pay up, according to surveys. They wouldn't, however, go on the record like the Romantik Seehotel Jaegerwirt hotel in Austria.