Connected devices can sometimes be a real help. When multiple systems rely on each other, however, there are times when connectivity can lead to some rather severe problems. Take last week, for instance, when a lakeside Alpine hotel in Austria fell victim to a ransomware attack: a hack that left newly arriving hotel guests unable to get into their rooms and stranded in the lobby.
The cyber attack happened on 22 January and started when hotel staff received an email demanding two bitcoins (around $1,700). Shortly after, the chaos began and the cyber attackers took control of the 111-year-old Romantik Seehotel Jaegerwirt hotel’s computer system. Locked out of the hotel’s computers, receptionists also lost their ability to create new key cards, meaning that arrivals started to pile up in the lobby.
According to Christoph Brandstaetter, the hotel’s managing director, the email began with the inquisitive remark, “Good morning?” before going on to demand the sum of two bitcoins – a ransom request that it promised to double if the amount was not paid by the end of the day. The email also specified a bitcoin wallet address where the money should be wired, before ending with a polite “have a nice day.”
With a hotel full of eager holidaymakers who had paid large sums of money to go skiing, hiking, and sightseeing, Brandstaetter was left with little choice. The hotel was fully booked, and with no other real way to get into rooms, guests began to get annoyed. Some of those arrivals had paid as much as $530 for a picturesque room with a view and a sauna. So the manager of the hotel decided he had better pay the ransom if he was going to save the day:
“The hotel was totally booked with 180 guests, we had no other choice. Neither police nor insurance help you in this case.”
Sadly, this is an all too common occurrence these days. Ransomware attacks are on the rise, and in situations like the one Brandstaetter was put in, paying the attackers is often the best option. It is for this reason, that attackers seek out victims for their ransomware attacks who are under some sort of time-sensitive pressure.
Hotels like the Jaegerwirt are a good example, but on a number of occasions greedy hackers have locked up hospital computer systems. With patients or hotel guests standing by, facilities simply don’t have the time to attempt normal cybersecurity rescue attempts, and the attackers win by checkmate.
Despite paying the ransom, the hotel manager decided to come forward to the press with the story, rather than to try and keep the attack under wraps for PR reasons. Brandstaetter’s reason for this is that he is aware that this is not the first time that this has happened to hotels in the area. He says he wants to raise awareness of the issue so that the authorities might try to find ways to better deal with the blackmail attempts.
Is Old Technology Better Sometimes?
Sadly, getting the problem under control isn’t as easy as just hoping the authorities will do something. Hotels with connected systems need to start paying better attention to cybersecurity in order to shore up their systems from these kinds of attacks. The Austrian hotel, however, has decided on a different kind of solution, and one that many people and businesses could learn from. It has decided to put old fashioned key locks back on the doors of the long-standing establishment.
This is a pretty smart move, and indeed is a piece of advice that I have myself given in the past. After all, a connected device may fall victim to hackers, whereas an old fashioned unconnected device won’t. For this reason, it is always worth asking yourself the question: is connectivity absolutely necessary in this case? If it isn’t, then the best option may be not to splash out on the latest IoT product.
The same goes for sensitive products. Connected baby monitors may seem like a massive leap forward, yet humans were raising babies successfully long before we even had the old school walkie-talkie style devices. With that in mind (and considering the scary stories that have emerged about them), perhaps a little bit of the old-fashioned can be a good thing sometimes?
The maker of the smart lock August says that he was tired of having to get a locksmith out when he lost his keys. This has literally never happened to me, so I can’t help wondering whether his house needs a smart lock or whether he just needs to start being more careful. Jason Johnson (August’s creator) also says that the final inspiration behind designing his smart lock was a scratch on the front of his mobile phone, a scratch that he claims he made with his keys. “For hundreds of years, we’ve been carrying these sharp metal objects in our pockets,” he says.
Smart Locks on Homes?
Am I the only one, however, who sees a glaring problem with August, and the fact that it is opened by an app on a smartphone? After all, August may protect his phone from key scratches, but what happens when he loses that phone and can’t get in his house? Won’t he still need to get the locksmith out?
It’s funny to think that a hotel with a huge inventory of smart locks on its doors has decided to turn away from technology in favor of traditional technology, while homeowners are being enticed into giving up a perfectly safe mechanical technology for something that could end up being hacked.
I, for one, applaud the Austrian hotel’s decision to go back to old fashioned keys. After all, as Gunter Ollmann, CSO of Vectra Networks comments,
“Organisations that pay to release their encrypted files may be repeatedly held hostage with new periodic ransomware attacks – often by the same attackers. While some may find it humorous to read commentary from the first generation of ransomware authors stating ‘it was the victim’s own fault for not having invested in their security,’ today’s professional hackers plan to distribute ransomware within their historical paying ‘customers’ as they already know the network and know what pressures they can apply to guarantee payment.”