Sales: 0845 470 4001 | Support: 0845 230 6001 | Contact Form | NPS

3.5 million Omni Hotel guest details held to ransom by Daixin Team


The international hotel chain Omni Hotels & Resorts has confirmed that a cyberattack last month saw it shut down its systems, with hackers stealing personal information about its customers.

In the aftermath of the attack, hotel guests reported that they had been forced to check in on paper, that room keys didn't work, and all phone systems and Wi-Fi were offline.

Some customers reported having to text their hotel's front desk to be let into their rooms and waiting "30+ minutes for an employee to get there and unlock it."

According to the firm, it took eleven days to restore systems across its properties, with staff working "tirelessly around the clock."

There will inevitably be more work to do to reduce the chances of similar attacks happening again.

As we've explained before on this blog, knowing how to respond, especially in the first 48 hours after a cyberattack, is crucial. The best approach is to take proactive measures and have emergency plans in place in advance because it's not a matter of if, but when, your business will suffer a ransomware attack.

Make sure to read Exponential-e's step-by-step guide on ransomware remediation.

Omni Hotels hasn't shared details of the specific nature of the cyberattack in its official advisory, but it resembles a ransomware attack. Sure enough, a ransomware group called the Daixin Team has claimed responsibility.

Daixin Team has been responsible for a number of high-profile attacks. They attacked AirAsia, where they described the airline's infrastructure as "chaotic" and its IT security as "very very weak". They also were responsible for the theft of personally identifiable information and personal health information from US organisations, and multibillion-dollar conglomerate B&G Foods.

The gang often follows through with its threat to leak the data it exfiltrates.

The latest post on the extortion gang's dark web leak site states that Daixin Team claims to have stolen the details of approximately 3.5 million Omni Hotels guests (2017-present) and is threatening to release it soon if the chain does not meet the demands.

Online reports indicate that the Daixin Team ransomware gang has provided evidence of gaining access to some Omni Hotels & Resorts customers' personal details, including names, postal and email addresses, loyalty program information, and last stay, but not payment details.

According to screenshots of online negotiations between Omni Hotels and its attackers, the Daixin Team has reduced its initial ransom demand from $3 million to $2 million - but there is no indication that the hotel chain intends to pay.

Omni Hotels has been targeted by hackers before. Between December 2015 and June 2016, the chain suffered a data breach after the point-of-sale (PoS) systems were infected by malware that stole payment card details.

Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

Related Posts