Leading hospitality company InterContinental Hotels Group PLC (also known as IHG Hotels & Resorts) says its information technology (IT) systems have been disrupted since yesterday after its network was breached.
IHG is a British multinational company that currently operates 6,028 hotels in more than 100 countries and has more than 1,800 in the development pipeline.
Its brands include luxury, premium, and essential hotel chains such as InterContinental, Regent, Six Senses, Crowne Plaza, Holiday Inn, and many others.
"InterContinental Hotels Group PLC (IHG or the Company) reports that parts of the Company's technology systems have been subject to unauthorised activity," the company said in a filing with the London Stock Exchange on Tuesday.
"IHG's booking channels and other applications have been significantly disrupted since yesterday, and this is ongoing."
The global hotel group has hired the services of external experts to investigate the incident and is also notifying relevant regulatory authorities.
Signs of a ransomware attack?
While the company did not reveal any details regarding the nature of the attack, it did mention in its disclosure that it's working on restoring impacted systems.
This hints at a possible ransomware attack where the threat actors have deployed ransomware payloads and encrypted systems on IHG's network.
In most ransomware incidents, the attackers will also steal sensitive information from their targets' networks before encryption.
This is later used in double extortion schemes where the victims are pressured into paying a ransom under the threat of leaking the stolen data.
"IHG is working to fully restore all systems as soon as possible and to assess the nature, extent and impact of the incident," IHG added.
"We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG's hotels are still able to operate and to take reservations directly."
Last month, the Lockbit ransomware gang claimed an attack on Holiday Inn Istanbul Kadıköy, one of the hotels operated by IHG.
From BleepingComputer's tests, the hotel group's APIs are also down and showing 502 and 503 HTTP errors.
Customers are also unable to log in at the moment, with IHG's app displaying "Something is wrong. The credentials you entered are invalid. Please reset your password or contact Customer Care." errors.
Cybercrime intelligence company Hudson Rock says that IHG has at least 15 compromised employees and more than 4,000 compromised users, according to data linked to the ihg[.]com domain.
An IHG spokesperson denied commenting when contacted by BleepingComputer earlier today, saying that "outside of the statement, we don't have any more that we can say at the moment."
Source: Bleeping Computer
- aum and Karlston
-
2
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.