www.bleepingcomputer.com
Open in
urlscan Pro
104.20.60.209
Public Scan
URL:
https://www.bleepingcomputer.com/news/security/nordic-choice-hotels-hit-by-conti-ransomware-no-ransom-demand-yet/
Submission: On December 07 via api from US — Scanned from DE
Submission: On December 07 via api from US — Scanned from DE
Form analysis 6 forms found in the DOM
https://www.bleepingcomputer.com/search/
<form title="Search site" action="https://www.bleepingcomputer.com/search/">
<input type="hidden" name="cx" value="partner-pub-0920899300397823:3529943228">
<input type="hidden" name="cof" value="FORID:10">
<input type="hidden" name="ie" value="UTF-8">
<input type="search" name="q" aria-label="Search Site" placeholder="Search Site">
</form>https://www.bleepingcomputer.com/search/
<form action="https://www.bleepingcomputer.com/search/">
<input type="hidden" name="cx" value="partner-pub-0920899300397823:3529943228">
<input type="hidden" name="cof" value="FORID:10">
<input type="hidden" name="ie" value="UTF-8">
<input type="search" name="q" aria-label="Search Site" placeholder="Search Site">
</form>POST //bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&id=30c98e654e
<form action="//bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&id=30c98e654e" method="post" target="_blank" novalidate="">
<input type="email" name="EMAIL" aria-label="Enter email address" placeholder="Email Address...">
<div style="position: absolute; left: -5000px;"><input type="hidden" aria-hidden="true" name="b_3e2b3b692f780cdff40d45346_30c98e654e" tabindex="-1" value=""></div>
<input type="submit" value="Submit" class="bc_sub_btn">
</form>POST //bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&id=30c98e654e
<form action="//bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&id=30c98e654e" method="post" target="_blank" novalidate="">
<input type="email" aria-label="Enter email address" name="EMAIL" placeholder="Email Address...">
<div style="position: absolute; left: -5000px;"><input type="hidden" aria-hidden="true" name="b_3e2b3b692f780cdff40d45346_30c98e654e" tabindex="-1" value=""></div>
<input type="submit" value="Submit" class="bc_sub_btn">
</form>POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=login&do=process&return=https://www.bleepingcomputer.com/news/security/nordic-choice-hotels-hit-by-conti-ransomware-no-ransom-demand-yet/
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process&return=https://www.bleepingcomputer.com/news/security/nordic-choice-hotels-hit-by-conti-ransomware-no-ransom-demand-yet/"
method="post">
<div class="bc_form_feild">
<label for="ips_username">Username</label>
<input aria-label="Enter login name" title="Enter login name" type="text" id="ips_username" name="ips_username" autocomplete="username">
</div>
<div class="bc_form_feild">
<label for="ips_password">Password</label>
<input aria-label="Enter login password" title="Enter login passwod" type="password" id="ips_password" name="ips_password" autocomplete="current-password">
</div>
<div class="bc_form_feild">
<div class="bc_remember">
<input id="remember" type="checkbox" name="rememberMe" value="1" checked="checked">
<label for="remember">Remember Me</label>
</div>
<div class="bc_anon">
<input id="anonymous" type="checkbox" name="anonymous" value="1">
<label for="anonymous">Sign in anonymously</label>
</div>
</div>
<div class="bc_btn_wrap">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="submit" aria-label="Login to site" title="Login" value="Login" class="bc_sub_btn">
<a aria-label="Sign in with Twitter" href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&serviceClick=twitter&return=https://www.bleepingcomputer.com/news/security/nordic-choice-hotels-hit-by-conti-ransomware-no-ransom-demand-yet/" class="bc_twitter_btn"><img src="https://www.bleepstatic.com/images/site/login/twitter.png" width="28" height="24" alt="Sign in with Twitter button"> Sign in with Twitter</a>
<hr>
<p>Not a member yet? <a aria-label="Register account" title="Register account" href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=register">Register Now</a></p>
</div>
</form><form>
<input type="hidden" id="comment-id-report" value="0">
<ul>
<li>
<label><input type="radio" name="comment-report-reason" value="Spam">Spam</label>
</li>
<li>
<label><input type="radio" name="comment-report-reason" value="Abusive or Harmful">Abusive or Harmful</label>
</li>
<li>
<label><input type="radio" name="comment-report-reason" value="Inappropriate content">Inappropriate content</label>
</li>
<li>
<label><input type="radio" name="comment-report-reason" value="Strong language">Strong language</label>
</li>
<li>
<label><input type="radio" name="comment-report-reason" value="Other">Other</label>
</li>
<li id="comment-report-other-reason-wrap" style="display:none;">
<textarea aria-label="Enter other reason for reporting the comment" rows="2" cols="2" id="comment-report-other-reason"></textarea>
</li>
</ul>
<p>Read our <a href="https://www.bleepingcomputer.com/posting-guidelines/">posting guidelinese</a> to learn what content is prohibited.</p>
</form>Text Content
WE VALUE YOUR PRIVACY
We and our partners store and/or access information on a device, such as cookies
and process personal data, such as unique identifiers and standard information
sent by a device for personalised ads and content, ad and content measurement,
and audience insights, as well as to develop and improve products.
With your permission we and our partners may use precise geolocation data and
identification through device scanning. You may click to consent to our and our
partners’ processing as described above. Alternatively you may access more
detailed information and change your preferences before consenting or to refuse
consenting. Please note that some processing of your personal data may not
require your consent, but you have a right to object to such processing. Your
preferences will apply to this website only. You can change your preferences at
any time by returning to this site or visit our privacy policy.
MORE OPTIONSAGREE
*
*
*
*
*
*
* News
* Featured
* Latest
* Microsoft offers 50% subscription discounts to Office pirates
* Russian hacking group uses new stealthy Ceeloader malware
* France warns of Nobelium cyberspies attacking French orgs
* Microsoft seizes sites used by APT15 Chinese state hackers
* Twitter bots monitor every tweet to push cryptocurrency scams
* Nordic Choice Hotels hit by Conti ransomware, no ransom demand yet
* Microsoft seizes sites used by APT15 Chinese state hackers
* Eurostar tests facial recognition system on London train station
* Downloads
* Latest
* Most Downloaded
* Qualys BrowserCheck
* STOPDecrypter
* AuroraDecrypter
* FilesLockerDecrypter
* AdwCleaner
* ComboFix
* RKill
* Junkware Removal Tool
* Virus Removal Guides
* Latest
* Most Viewed
* Ransomware
* How to remove the PBlock+ adware browser extension
* Remove the Toksearches.xyz Search Redirect
* Remove the Smashapps.net Search Redirect
* Remove the Smashappsearch.com Search Redirect
* Remove Security Tool and SecurityTool (Uninstall Guide)
* How to remove Antivirus 2009 (Uninstall Instructions)
* How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
* How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using
TDSSKiller
* Locky Ransomware Information, Help Guide, and FAQ
* CryptoLocker Ransomware Information Guide and FAQ
* CryptorBit and HowDecrypt Information Guide and FAQ
* CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
* Tutorials
* Latest
* Popular
* How to make the Start menu full screen in Windows 10
* How to install the Microsoft Visual C++ 2015 Runtime
* How to open an elevated PowerShell Admin prompt in Windows 10
* How to Translate a Web Page in Google Chrome
* How to start Windows in Safe Mode
* How to remove a Trojan, Virus, Worm, or other Malware
* How to show hidden files in Windows 7
* How to see hidden files in Windows
* Deals
* Categories
* eLearning
* IT Certification Courses
* Gear + Gadgets
* Security
* Forums
* More
* Startup Database
* Uninstall Database
* File Database
* Glossary
* Chat on Discord
* Send us a Tip!
* Welcome Guide
* Home
* News
* Security
* Nordic Choice Hotels hit by Conti ransomware, no ransom demand yet
* AddThis Sharing Buttons
Share to FacebookFacebookShare to TwitterTwitterShare to
LinkedInLinkedInShare to RedditRedditShare to Hacker NewsHacker NewsShare to
EmailEmail
*
NORDIC CHOICE HOTELS HIT BY CONTI RANSOMWARE, NO RANSOM DEMAND YET
By
AX SHARMA
* December 7, 2021
* 02:39 AM
* 1
Nordic Choice Hotels has now confirmed a cyber attack on its systems from the
Conti ransomware group.
The incident primarily impacts the hotel's guest reservation and room key card
systems.
Although there is no indication of passwords or payment information being
affected, information pertaining to guest bookings was potentially leaked.
PLAY Top Articles Video Settings Full Screen About Connatix V141495 Read More
Read More Read More Read More Read More Microsoft seizes sites used by APT15
Chinesestate hackers 1/1 Skip Ad Continue watching after the ad Visit Advertiser
website GO TO PAGE
The Scandinavian hotel chain, with its brands—Comfort, Quality, and
Clarion, employs over 16,000 staff members and has 200 properties across
Scandinavia, Finland, and the Baltics.
KEY CARDS OUT OF SERVICE
Earlier this week, Nordic Choice Hotels group announced its IT systems were hit
by a "computer virus" on Thursday, December 2nd.
The incident left the hotel staff without access to the hotel's reservation
systems that manage check-in, check-out, payments, and bookings.
Although the staff switched to manual procedures to carry out business
operations, the hotel advised guests that delays are to be expected.
Members are currently unable to log in to their Nordic Choice Hotels accounts to
book and manage reservations, or apply reward points, although it remains
possible to book stays without being logged in:
Nordic Choice Hotels systems still facing 'technical issues' (BleepingComputer)
A subsequent blog post by the hospitality group confirmed the scope of the
incident expands to Nordic Choice Club members, in addition to the current hotel
guests.
One of the hotel guests, security researcher Runa Sandvik also reported key
cards being out of service:
NO RANSOM DEMAND YET, LAW ENFORCEMENT ENGAGED
Law enforcement agencies including the Norwegian Data Protection Authority and
the Norwegian National Security Authority were notified of the attack by the
hotel company on December 2nd—the same day as the attack.
"Our investigations do not currently give any indication that data has been
leaked, but we can't guarantee that is the case. Therefore, the incident entails
a risk that information about the guests' bookings may be lost," explains the
company in a release.
"This information consists of name, email address, telephone number, date of the
visit and any information the guest may have provided in connection with their
visit. There is no indication that card or payment information has been leaked."
Although the hospitality group cannot be sure of any data leak just yet, the
decision to be transparent and inform its members of the incident is an
effort to keep them alerted against any suspicious communications—texts,
messages, phone calls, or emails, that may be directed at them.
At this time, the hotel group has "chosen not to contact" the threat actors
behind the attack, nor have they received a ransom demand from the
Conti ransomware group.
BleepingComputer also did not come across the hotel group's name on Conti's data
leak pages, indicating the ransomware attack is in early stages and negotiations
may not have begun yet.
Conti ransomware is a private Ransomware-as-a-Service (RaaS) operation believed
to be controlled by a Russian-based cybercrime group known as Wizard Spider.
Conti shares some of its code with the notorious Ryuk Ransomware, whose TrickBot
distribution channels they started using after Ryuk activity decreased around
July 2020.
This ransomware gang has previously targeted over a dozen healthcare and first
responder organizations, and police department systems.
Earlier this year, Conti breached networks of Ireland's Health Service
Executive (HSE) and Department of Health (DoH), asking the former to pay a $20
million ransom after successfully encrypting its systems.
"Over the weekend, we have managed to put in place replacement solutions at most
of our hotels. The work is now in full swing to get everyone back into normal
operation, something we think will be done within the next few days," says Bjørn
Arild Wisth, Deputy CEO at Nordic Choice Hotels.
During the next few days, as the company works with law enforcement to
remediate the cyber attack, some hotel properties may continue to experience
delays with regards to check-in, check-out, and reservation processes.
"Our customer center currently has limited opportunity to change and add
bookings, but is in place to be able to answer any questions. In that case, we
recommend that you send us an email at booking@choice.no or use our website for
further information," advises Nordic Choice Hotels.
RELATED ARTICLES:
Emotet botnet comeback orchestrated by Conti ransomware gang
US Senate Passes Bill in Response to Rampant Ransomware, CyberAttacks
TrickBot teams up with Shatak phishers for Conti ransomware attacks
FIN12 hits healthcare with quick and focused ransomware attacks
Hundreds of SPAR stores shut down, switch to cash after cyberattack
* Conti
* Cyber Attack
* Hotel
* Ransomware
* Facebook
* Twitter
* LinkedIn
* Email
*
AX SHARMA
Ax Sharma is a Security Researcher, Engineer, and Tech Columnist. His works and
expert analyses have frequently been featured by leading media outlets like
Fortune, The Register, TechRepublic, CIO, etc. Ax's expertise lies in
vulnerability research, reverse engineering, software development, and web app
security. He's an active community member of the OWASP Foundation, OpenSSF and
the British Association of Journalists (BAJ). Send any tips via email or Twitter
DM.
* Previous Article
* Next Article
COMMENTS
* BAILEYKRNEKI - 2 HOURS AGO
*
*
I saw a recommendation about this Hacker4wise, from a comment section and he
offers any hacking services. He's the greatest I've seen so far, you can get
in touch with him through WhatsApp him on +1 (305) 902‑6599 or
Digitaltechhacker @ gmail com assistance, he's very good.
POST A COMMENT COMMUNITY RULES
YOU NEED TO LOGIN IN ORDER TO POST A COMMENT
Not a member yet? Register Now
YOU MAY ALSO LIKE:
Popular Stories
* Convincing Microsoft phishing uses fake Office 365 spam alerts
* Malicious Excel XLL add-ins push RedLine password-stealing malware
NEWSLETTER SIGN UP
To receive periodic updates and news from BleepingComputer, please use the form
below.
NEWSLETTER SIGN UP
* Follow us:
*
*
*
*
MAIN SECTIONS
* News
* Downloads
* Virus Removal Guides
* Tutorials
* Startup Database
* Uninstall Database
* File Database
* Glossary
COMMUNITY
* Forums
* Forum Rules
* Chat
USEFUL RESOURCES
* Welcome Guide
* Sitemap
COMPANY
* About BleepingComputer
* Contact Us
* Send us a Tip!
* Advertising
* Write for BleepingComputer
* Social & Feeds
* Changelog
Terms of Use - Privacy Policy - Ethics Statement
Copyright @ 2003 - 2021 Bleeping Computer® LLC - All Rights Reserved
LOGIN
Username
Password
Remember Me
Sign in anonymously
Sign in with Twitter
--------------------------------------------------------------------------------
Not a member yet? Register Now
REPORTER
HELP US UNDERSTAND THE PROBLEM. WHAT IS GOING ON WITH THIS COMMENT?
* Spam
* Abusive or Harmful
* Inappropriate content
* Strong language
* Other
*
Read our posting guidelinese to learn what content is prohibited.
Submitting...
SUBMIT