Beware of Ransomware

Ransomware is defined by the United States Department of Justice Federal Bureau of Investigation (FBI) as a “type of malicious software designed to block access to a computer system until money is paid” (FBI, 2015). Hotels are a prime target for this type of attack. Legal authorities advise against paying the ransom, but there are many factors ultimately involved in the decision process. Most businesses would prefer to regain access to their critical computing systems by paying the ransom rather than waiting through a lengthy investigation process.

Below are several steps a business can take to prevent a ransomware attack:

  • Be Vigilant. If an email looks too good to be true, it probably is. Be cautious when opening attachments and clicking links.
  • Backup Your Data. Plan and maintain regular backup routines. Ensure that backups are secure, and not constantly connected or mapped to the live network. Test your backups regularly to verify their integrity and usability in case of emergency.
  • Patch and Purge. Maintain regular software updates for all devices, including operating systems and apps. Update any software you use often and delete applications you rarely access. (IBM, 2016)

In this modern age, having a computer system down simply cripples a business. There was a day when we did not depend on computers for everything, but today, many front-line employees at hospitality businesses have not been trained to properly handle a computer outage. The first line of defense is to train employees to prevent an attack from occurring and, secondly, to train employees on how to handle an attack. The following advice is provided by the U.S. Federal Bureau of Investigation on what to do if your computer systems are infected with ransomware.

  • Isolate the infected computer immediately. Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or shared drives.
  • Isolate or power-off affected devices that have not yet been completely corrupted. This may afford more time to clean and recover data, contain damage and prevent worsening conditions.
  • Immediately secure backup data or systems by taking them offline. Ensure backups are free of malware.
  • Contact law enforcement immediately upon discovery to report a ransomware event and request assistance.
  • If available, collect and secure partial portions of the ransomed data that might exist.
  • If possible, change all online account passwords and network passwords after removing the system from the network. Furthermore, change all system passwords once the malware is removed from the system.
  • Delete registry values and files to stop the program from loading.
  • Implement your security incident response and business continuity plan. Ideally, organizations will ensure they have appropriate backups, so their response to an attack will simply be to restore the data from a known clean backup. Having a data backup can eliminate the need to pay a ransom to recover data.

According to the 2018 Verizon Data Breach Investigations Report, ransomware overtook all other types of malware and was the most utilized variety of malicious code in 2017.

Prevention and preparation are key. Organizations must train employees how to react in the event their hotel, club, spa or restaurant becomes crippled by this type of attack. As with any other types of cyberattacks, specific policies and procedures should be put into place and practiced on a regular basis.


Tanya Venegas, MBA, MHM, CHIA is director of customer success at HotStats based in Houston, Texas USA. Tanya served as executive director at the HFTP Americas Research Center at the Conrad N. Hilton College of Hotel and Restaurant Management at the University of Houston for more than 15 years. 

You May Also Like

About the Author: Tanya Venegas