Experts weigh in on Omni Hotel ransomware incident

Omni Hotels & Resorts was the recent target of a ransomware attack by the Daixin Team ransomware group. The incident led to disruptions across Omni Hotels & Resorts, and the Daixin Team and claimed the theft of information pertaining to visitors from 2017 onwards. 

Security leaders weigh in

Ken Dunham, Cyber Threat Director at Qualys Threat Research Unit:

“The ongoing ransomware rampage of the past few years reflects a change in tactics, techniques and procedures (TTPs) by bad actors to ensure maximum impact and payout during an incident. 

“Two notable ransomware TTP changes occurred several years ago, where one family of code and actors began going after cheap consumer-based ransomware attacks, and the other against the “big fish” of large corporations with huge assets and pocketbooks to payout. This change in tactics occurred at the same time as the global pandemic, when many organizations rushed to the cloud without proper security, configuration or backup, creating huge opportunities for ransomware actors.

“Ransomware actors today are maximizing profits by continually improving tactics to not extort payment with only one method, like traditional encryption of files, but through multiple forms of extortion, including but not limited to exfiltration of files, “dumps” of sensitive information to the Internet, destruction of files and backups (rendering data unrecoverable), DDoS attacks and more.”

Darren Guccione, CEO and Co-Founder at Keeper Security:

“The cautious approach we’re seeing from Omni Hotels & Resorts in response to a data breach is not uncommon as the organization navigates the complexities of managing reputational damage, legal obligations and customer trust, as well as securing their systems. News of a data breach or security incident spreads quickly, with the potential to impact customer loyalty and confidence in the organization — leading to loss of customers, negative publicity and long-term damage to brand image. This unfolding situation shines a light on the challenge organizations face responding to and mitigating cyberattacks, both internally and publicly. 

“Despite best efforts, no organization is truly immune to cyber threats, but no matter how a threat actor gains access, the next step is to make sure they are unable to go any further. This can ensure that the impact of a cyberattack is isolated and causes the least amount of damage possible. Organizations large and small should implement a zero-trust architecture with least-privilege access to ensure employees only have access to what they need to do their jobs. Companies should also have security event monitoring in place.” 

Narayana Pappu, CEO at Zendata:

“The attack is already pretty significant; however, considering the ransom amount has been dropped and the systems have been restored, it is likely that Omni Group has a good backup of information. Financial information is probably protected through encrypted to PCI requirements.

“This is a new target vertical for the Daixin ransomware group. In the past, they have mainly gone after healthcare providers. And they are known to publish the user data to dark web when ransom is not paid, and it is likely that the attack was through vulnerabilities in VPN servers which has been their primary target attack vector in the past.”