Omni Hotels confirms cyberattack behind ongoing IT outage

In response to this incident, Omni took down impacted systems, and its IT teams are now working on restoring and bringing them back online.

"Since Friday, March 29, Omni Hotels & Resorts has been responding to a cyberattack on its systems. Upon learning of this issue, Omni immediately took steps to shut down its systems to protect and contain its data," the hotel chain told BleepingComputer.

"As a result, certain systems were brought offline, most of which have been restored. Omni quickly launched an investigation with a leading cybersecurity response team, which is ongoing."

While Omni has yet to reveal the nature of the attack, sources have told BleepingComputer that the hotel chain was the victim of a ransomware attack and is currently in the process of restoring encrypted servers from backups.

At this time, no ransomware gang has claimed responsibility for the cyberattack. However, if Omni Hotels does not pay a ransom demand, the gang will claim the attack and start leaking stolen data to further extort the company.

According to Omni employees, the IT team is now manually restoring affected systems from scratch, and hotel staff have been informed that systems will be available again on Thursday, April 4.

Reservations and credit card payments impact

The outage triggered by the cyberattack brought down many of Omni's services on Friday, March 29, impacting its reservation, hotel room door lock, and point-of-sale (POS) systems.

While all Omni locations have remained open and accepting new guests after the cyberattack, front desk employees have been experiencing issues with credit card payments, new reservations, and modifying already-made reservations.

"Dear valued guests, our technology teams are continuing to work on restoring our systems that are currently down," Omni Hotels said on Monday, April 1.

Omni Hotels owns 50 hotels and resorts across the United States, Canada, and Mexico, with roughly 23,550 rooms and 28 golf courses.

In 2016, the company also disclosed a data breach after attackers infected point-of-sale (PoS) systems at 49 of its 60 hotels in North America with malware.

The PoS malware was used to steal payment card information, including the cardholder's name, credit/debit card number, security code, and expiration date, between December 23, 2015, and June 14, 2016, depending on the affected location.

Source: bleepingcomputer.com