Omni Hotels & Resorts said a cyberattack was responsible for disruptions to systems that caused chaos across its 50 upmarket properties over the busy Easter period.
While a ransomware gang appeared the likely culprit of the attack, the company has yet to confirm the cause and no group has come forward publicly to claim responsibility.
Omni, which operates a total of about 23,550 rooms across its sites in the U.S. and Canada, said the attack struck on Good Friday, March 29.
“Upon learning of this issue, Omni immediately took steps to shut down its systems to protect and contain its data. As a result, certain systems were brought offline, most of which have been restored,” the company said in a statement on its website.
“Omni quickly launched an investigation with a leading cybersecurity response team, which is ongoing.”
The hotels and resorts continued to operate, although customers reported being unable to make reservations and guests vented their frustrations about long check-in delays as staff resorted to paper-based processes, and room keys not working.
The company said it was continuing to work on determining the full scope of the attack “including impact to any data or information maintained on Omni systems”.
“Our investigation into the incident remains ongoing and we are working with external specialists in this process.”
Sources told BleepingComputer the incident was a ransomware attack and that the company was working to restore encrypted servers from backups.
Ransomware attacks on hospitality industry often occur during holidays
Hospitality and accommodation chains are popular targets for ransomware gangs because the disruption and revenue loss the attacks cause puts significant pressure on the victims to pay large ransoms in order to recover their systems. To apply even more pressure, such attacks are often timed for busy holidays.
Last year’s attack by the Scattered Spider gang on MGM International cost the company around $100 million.
“Not only are there operational issues when ransomware impacts organizations such as this, there can also be significant issues related to data loss and potential for a breach,” said Erich Kron, security awareness advocate at KnowBe4.
“Since a majority of modern ransomware not only encrypts the files, but also takes a copy of them where they are used for leverage in ransom negotiations, there’s a good chance that customers of Omni hotels may have some or most of their information in the hands of the attackers.”
Jess Parnell, chief information security officer at Centripetal, said with cyberattacks continuing to become more sophisticated, organizations should implement strong network segmentation and access controls to mitigate the impact of attacks, preventing them from spreading across the entire organization.
“Utilizing preemptive protection solutions powered by threat intelligence can provide real-time insights into emerging threats, enabling organizations to proactively defend against attacks,” he said.
Kron and Parnell both said with phishing lures being a common attack vector used by ransomware gangs, it was important for organizations to train staff in identifying and reporting phishing attempts.
“It’s also more critical than ever that organizations have Data Loss Prevention (DLP) controls in place to help ensure that data is not easily transferred to the attackers,” Kron added.
In a 2016 security incident that also impacted many of its North American properties, Omni reported that hackers infected point-of-sale systems at the hotels and resorted with malware, enabling the criminals to gather customers’ payment card information over several months.
