Omni Hotels Hacked: Daixin Gang Demands Ransom

The cybercriminal group Daixin Team has claimed responsibility for the recent attack on the Omni Hotels & Resorts network and threatens to release confidential customer information unless a ransom is paid.

Omni Hotels operates 50 hotels and resorts across the USA, Canada, and Mexico, boasting over 23,550 rooms and 28 golf courses. The hotel chain was listed on the group’s darknet data leak site after a massive failure paralyzed the company’s IT systems, affecting reservation systems, electronic room locks, and payment processing systems.

On April 3rd, Omni Hotels confirmed that the system outage was caused by a cyberattack. The company stated that it has been responding to the cyberattack since Friday, March 29th. Upon discovering the issue, the company promptly took measures to disable systems to protect and isolate the data.

Most systems have now been restored, and Omni Hotels has commenced an investigation with the involvement of external cybersecurity experts. While the nature of the incident has not been officially disclosed, sources indicate it was a ransomware attack that required manual restoration of servers from backups.

On April 14th, the company announced that the attack might have affected limited information related to a specific group of clients. According to Omni Hotels, the affected data does not include sensitive information (such as payment details, financial information, or social security numbers) but may contain the customer’s name, email address, home address, and information about the Select Guest loyalty program.

Although Daixin Team has already added the hotel network to its leak site, there is no evidence yet of the stolen information being published there. However, the hackers threaten to soon post data allegedly stolen from Omni Hotels’ servers, “including details of all guests from 2017 to the present.” Daixin Team has posted screenshots demonstrating a database dump containing information on 3,539,089 hotel visitors, including names, email addresses, and home addresses.

The group is already known for its ransomware attacks on the US healthcare sector, involving the encryption of systems and theft of medical and personal information. The stolen data is then used to pressure victims into paying a ransom.

Daixin Team gains access to target networks by exploiting known vulnerabilities in VPN servers or by using compromised VPN credentials, particularly for accounts on which multi-factor authentication is disabled.

In 2022, the cyber extortionists of Daixin Team conducted a successful attack on AirAsia Group. A representative of the group claimed they had obtained the personal data of 5 million passengers and all employees of the airline.