
Oregon’s luxury resorts are known for their scenic views and hospitality. A recent incident, however, has unsettled many guests, and hotel management is trying its best to handle the situation.

One of Oregon’s most prominent luxury destinations was hit by an unusual cyberattack, which left the hackers in possession of employee information and a ledger of guests. They have been posting confidential information online in an attempt to extract a ransom from the hotel.

A threat analyst for New Zealand cybersecurity firm Emsisoft said:

“It’s not a new strategy. It’s just the way they are implementing it that is new … by putting it on the public internet in an easily searchable form. As far as I’m aware this hasn’t been done before.”

According to reports, the hackers breached The Allison Inn & Spa in Newberg. They have demanded that the owners open negotiations in order to keep the employee and guest records private. The cybercriminals appear to have obtained the records of 1500 employees and former employees, and over 2500 reservation records for this year alone.

The hackers made the stolen information from The Allison public through a domain from the XYZ domain registry. However, the website suspended its activities on Wednesday of its own accord.

Operations Vice President Jocelyn Hanc said:

“We have suspended the domain to prevent further harm. The activities of the domain were a clear violation of the XYZ Anti-Abuse policy.”

The Allison said it has taken note of the attack and has begun notifying victims. Lonny Watne, the inn’s finance director, stated that The Allison will provide an identity monitoring service and reimburse the victims with credits.

According to Watne:

“We conducted a full investigation with the help of outside cybersecurity experts, and that investigation determined that some personal information was subject to unauthorized access. The security of the information in our care is one of our highest priorities, and we have already taken important steps to help prevent this from happening again.”

However, The Allison did not say whether it has paid the ransom demanded by the hackers or intends to do so.

The attack is unusual because cybercriminals typically publish stolen data on the “dark web,” which requires special browsers to access, so the data does not show up casually in an online search.

In this case, the stolen data was posted on a public website and could easily be found with a single Google search. The data includes the dates of guests’ stays, employee birthdays, phone numbers, and even SSNs.

According to Callow, the attack seems to be a kind of experiment by hackers who are trying out tactics to see which ones lead victims to pay the ransom. He also warned that the practice may become common and that, as a result, private information would be made public more often.

“They’re likely doing this to see how much it moves the needle in their favor,” Callow said. “Their intention may not simply be to try to squeeze the money out of The Allison. It may also be to pressure their future victims who look at what happened to The Allison and think, ‘I don’t want to go through that.’”

According to Callow, the attack could have been carried out by the ALPHV/BlackCat ransomware organization. He believes there is no reason they would have targeted The Allison specifically; it was just a crime of opportunity.

“More often it’s the case that someone opened a spam email they shouldn’t have opened or a server doesn’t get patched,” Callow said.

Callow said that guests staying at The Allison don’t need to be too alarmed, as the shared information covers only the duration of their stay and the amount they paid for it.

Employees, on the other hand, are at risk because much of their confidential information was made public. Security experts say that in such cases people should contact the national credit bureaus, report identity theft, set up fraud alerts, and freeze their credit cards.