Nordic Choice Hotels Turns Ransomware Attack into Success Story

Nordic Choice Hotels is turning a cyber-incident into a success story, announcing that a ransomware attack it suffered in December prompted the hotel chain to wipe its computers clean and switch from Windows to Chrome OS.

One of the largest hotel companies in Scandinavia, Nordic Choice Hotels suffered a ransomware attack in December that affected its guest reservation and key card systems. The hotel chain confirmed the incident a week after it discovered “a virus” infection on its IT systems infrastructure, leaving staff unable to manage reservations, check-in, check-out, payments and bookings.

‘An agile approach’

This week, the lodging giant announced that it decided to take a novel approach to the problem. Instead of paying ransom, buying new hardware or trying to return systems to their original configuration, the IT department deployed an all-new operating system on existing hardware.

“The attack was by an aggressive ransomware virus, which meant all the affected computers were encrypted and effectively unusable,” Nordic Choice said in a press release this week.

“But with guests both staying and arriving at the hotels, the company needed an agile approach and in less than 24 hours, the first hotel was operating in the Chrome OS ecosystem from Google. And in the following two days, 2000 computers were converted all over the company consisting of 212 hotels in five different countries.”

An easy decision

While most companies would probably not consider Chrome OS a viable solution moving forward, for Nordic’s business model the decision made recovery way faster and less costly than it would have normally been after such a serious incident.

By changing software instead of hardware, Nordic says it is on track to save more than 60 million NOK (6.91 million USD) and avoid 1,750 tons of CO2 emissions.

“Around 4,000 computers in total will be converted, and in addition to saving the planet climate gas emissions from producing and transporting new hardware, the company also avoids 4 tons of electronics waste,” according to the announcement. “The computers are estimated to get an extended lifespan of around 60 percent from the conversion.”

Kari Anna Fiskvik, VP Technology at Nordic Choice Hotels, says the hotel company already had an ongoing pilot project testing the feasibility of switching to CloudReady, an open-source distribution of Google's Chrome OS.

“We wanted to upgrade a large part of our computer fleet, but by converting them we could save both cost and greenhouse gas emissions, as well as increase the security level in the company,” Fiskvik says. “So when we suddenly had to deal with the cyberattack, the decision to go all in and fast-track the project was made in seconds.”

Torgeir Silseth, CEO at Nordic Choice Hotels, called it “the perfect project” for his company, given the circumstances.

Leaked data

The Conti ransomware group, which claimed responsibility for the hit, is known to have leaked files stolen in the attack as a double-extortion response to the hotel chain’s refusal to pay ransom.

According to Nordic, that data may include names, email addresses, telephone numbers, dates of the visit and any information the guests may have provided in connection with their visit.

There is currently no indication that credit card or payment information was stolen, according to the hotel chain. But, since this isn’t a certainty, both customers and hotel staff are advised to watch out for phishing attempts via text messages, phone calls or emails.