Science

Hackers Locked Up a Ski Resort and Held It Ransom for Bitcoin

Management at the four-star resort will soon go back to old-school locks.

by Cassie Kelly

A getaway weekend full of thrills on the slopes and presumably chill vibes quickly turned to panic and frustration when guests at a four-star hotel in Austria were suddenly locked out of their hotel rooms by computer hackers who took over the digital locking system — and demanded thousands in bitcoin before they’d open the doors.

The 111-year-old Hotel Jägerwirt was hacked this past weekend at the height of its tourist season: the hotel was completely booked with visitors who traveled from across the globe to experience the Kitzbuhel Mountains. In addition to taking over the locks, the ransom infection also jammed the system that handles new reservations, checks in new guests, and resets key cards for rooms.

A flashing screen demanded 1,500 euros — about $1,600 — in bitcoin. Even with 10,000 euros invested in the high-tech security systems, the hotel managers couldn’t fend off the hackers. Meanwhile, guests were lined up at the front desk, waiting to get into their rooms.

“The house was totally booked with 180 guests. We had no other choice,” Managing Director Christoph Brandstaetter told The Local. “Neither police nor insurance help you in this case.”

Brandstaetter said it was cheaper and easier to just hand over the ransom. Once they did, the smart locks and computers were unlocked. But the hackers — who remain anonymous — didn’t stop there. They also attempted to leave a backdoor entrance to strike again, said Brandstaetter, but the computers were replaced before it could happen.

This is the third time Jägerwirt has been hacked, the last incident was in the summer of 2016. They also are not the only ones: three other hotels in the region have been extorted this season.

Cyber attacks like this are becoming increasingly common as cryptocurrency like bitcoin and hackers carve out a shadow economy on the deep web. Bitcoin has no geographical boundaries and no “bank” to control the regulation, so the rates fluctuate. (Right now, a single bitcoin is about $922.) Bitcoin are also encrypted so there is no way to track where they travel, or who they are going to, leaving no suspects for investigators to track.

“The restoration of our system after the first attack in summer has cost us several thousand Euros,” said Brandstaetter. “We did not get any money from the insurance so far because none of those to blame could be found.”

To counteract the attacks, the Jägerwirt ski resort has had to resort to old-school methods: Hotel management is replacing all of the smart locks with traditional twist-and-lock keys and resorting back to keeping reservation logs on paper. For now, it appears the stone age is the only place businesses like Jägerwirt are safe.