Conti Ransomware Targeted Nordic Choice Hotels, Although No Ransom Demand Made Yet

Conti Ransomware Targeted Nordic Choice Hotels, Although No Ransom Demand Made Yet

Nordic Choice Hotels has verified a cyber intrusion by the Conti ransomware gang on its systems. The hotel’s guest reservation and room key card systems are the most affected by the incident.

Although there is no evidence that passwords or payment information were compromised, information about visitor bookings may have been exposed. The Scandinavian hotel group employs approximately 16,000 people and operates 200 hotels in Scandinavia, Finland, and the Baltics under the Comfort, Quality, and Clarion brands.

The Nordic Choice Hotels company revealed earlier this week that on Thursday, December 2nd, its IT systems were infected with a “computer virus.” The hotel’s reservation services, which handle check-in, check-out, payments, and bookings, were disabled due to the incident.

Even though the hotel’s personnel had moved to manual methods for business operations, visitors were warned to expect delays. In a subsequent blog post, the hospitality group confirmed that the incident affects Nordic Choice Club members and current hotel guests. 

The hospitality group contacted law enforcement officials, notably the Norwegian Data Protection Authority and the Norwegian National Security Authority, about the incident. It also issued a press release stating: 

“Our investigations do not currently give any indication that data has been leaked, but we can’t guarantee that is the case. Therefore, the incident entails a risk that information about the guests’ bookings may be lost.”

“This information consists of name, email address, telephone number, date of the visit and any information the guest may have provided in connection with their visit. There is no indication that card or payment information has been leaked.”

Although the hotel group cannot be sure that there was no data breach, the choice to be honest and tell its members about the occurrence is an attempt to keep them informed of any questionable communications — texts, messages, phone calls, or emails — that may be aimed at them.

The hotel chain has “chosen not to contact” the threat actors behind the breach at this time, and they have not received a ransom demand from the Conti ransomware gang. Some hotel facilities may continue to encounter delays with check-in, check-out, and reservation operations for the next several days while the firm works with law enforcement to resolve the cyberattack.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.