Hackers infected the door locks at Romantik Seehotel Jägerwirt, a ski hotel in the Austrian Alps, with ransomware, allowing them to lock guest room doors until their demands were met, Bleeping Computer reports. Because fire regulations mandate that electronic locks open manually from the inside, and because doors can be opened from the outside in the event of a power failure, guests were not locked in or out of their rooms. However, they were unable to use their room keys, and workers at the hotel’s front desks could not issue new working room keys due to the ransomware. The hotel’s management opted to pay the ransom of two bitcoins (valued between $1,600 and $1,800, according to multiple sources) so that the hackers would release the locks.
According to Mashable, the hotel had been targeted by at least three different cyberattacks over the past year. Hospitals, schools and libraries have also been victims of ransomware attacks in recent years, with the FBI reporting that costs to victims from ransomware have risen to $209 million in the first three months of 2016, up significantly from $24 million for all of 2015.
Tony Neate, a former British police officer and cybercrime specialist and now CEO of security charity Get Safe Online, told the New York Times that demands in ransomware schemes are usually pitched low enough to get the victims to acquiesce. That strategy means, however, that hackers who use ransomware must conduct dozens of attacks a day in order to make the scheme financially viable. Neate said he counsels victims not to pay, because doing so could encourage further attacks and that the funds used to pay the ransom could fund criminal activity or terrorism.
In order to prevent future attacks, management at the Romantik Seehotel Jaegerwirt is considering replacing its electronic keys with old-fashioned mechanical locks, the Times reports.