ALPHV/BlackCat ransomware gang has claimed to breach Westmont Hospitality Group, one of the world’s largest privately-held hospitality business in the world. The ransomware group claims to have access to 262GB of company data.
According to the note posted on the leak site of the ALPHV/BlackCat ransomware gang, January 31, 2023, is the deadline for ransom payment. The gang claims to have accessed the data on December 23, 2022.
The business website of the hospitality group was accessible at the time of publishing this report. Westmont Hospitality Group is yet to respond to the request from The Cyber Express to comment on the situation.
Westmont Hospitality Group and the scale of breach
The Canada-headquartered business, founded in 1975, has ownership or operating license in 500 hotels across three continents. Currently, Westmont is the leading co-owner and franchisee operator of IHG hotels and Hilton hotels worldwide.
The group has operation tie-ups with other top hotel brands such as Fairmont, Accor, Wyndham, Starwood, Renaissance, Choice Hotels, Best Western, and Radisson.
The ransomware leak site post does not mention the targeted geography, but claims to have access to financial and corporate documents, customer data, employee contacts, archives of corporate mails, and financial documents among others.
Alphv Black Cat breaches the largest privately-held hospitality company in the world, Westmont Hospitality Group.
Global franchise arrangements and locations around the world with Hilton, Hyatt, Marriott…
/whg.com#cybersecurity #infosec #ransomware pic.twitter.com/wguIWue9E6
— Dominic Alvieri (@AlvieriD) January 28, 2023
Many hotel brands associated with Westmont have experienced data breaches or cybersecurity situations over the past few months.
IHG, the multinational hospitality company that owns various brands such as InterContinental, Crowne Plaza, and Holiday Inn, announced in September that its IT systems have been hacked.
The company’s disclosure filed at the London Stock Exchange stated that “parts of the company’s technology systems have been subject to unauthorized activity.”
User data of Hilton Hotels recorded in 2017 was put on sale on a dark web forum this week.
“At this time, we can confirm that the 3.7 million records referenced relate to data for approximately 500,000 Honors Members, accounting for less than 0.5 percent of our overall membership,” the hotel group spokesperson told The Cyber Express.
Westmont Hospitality, the latest ALPHV/BlackCat target
Westmont Hospitality Group is the latest among the long list of ALPHV/BlackCat targets. It is the first widely known ransomware written in Rust.
The ransomware gang leverages previously compromised credentials of targets for initial access to the systems of the intended victims. Once it gains access, the malware compromises Active Directory user and administrator accounts.
“The malware uses Windows Task Scheduler to configure malicious Group Policy Objects (GPOs) to deploy ransomware. Initial deployment of the malware leverages PowerShell scripts, in conjunction with Cobalt Strike, and disables security features within the victim’s network,” said an FBI Flash alert on the ransomware group.
The MS-ISAC, an organization that monitors and analyzes cyber threats, has noticed an increase in BlackCat activity, reported the Center for Internet Security shortly after the Flash alert.
The incident was discovered when an employee reported being locked out of their email account, and a password reset did not solve the issue. Upon further investigation, it was found that the attacker had also encrypted files and wiped the organization’s backups.
“The organization ultimately succeeded in restoring the domain controllers and a couple of servers. They weren’t able to recover anything else. During the course of an internal investigation, the point of contact learned that the BlackCat group had likely been responsible for the attack,” said the CIS report.