Youth hostels apparently victims of ransomware gang Hunters
At the end of August, around 450 German youth hostels were disrupted. The cause was unclear. Apparently, a ransomware attack was to blame.
Around three weeks ago, the German Youth Hostel Association (DJH), which includes around 450 youth hostels, experienced computer problems, as reported by regional media. According to these reports, the hostels' servers went down on August 30. Now the ransomware group Hunters has claimed on the darknet to have broken into the youth hostels and copied large amounts of data.
SWR reported at the beginning of the month that invoicing and bookings were not working and doors could not be opened due to non-programmable key cards. According to the report, there had been a serious technical fault. The computer center was paralyzed as a result. The causes will be investigated later; a spokesperson would neither deny nor admit an IT attack.
Criminal organization in the Darknet claims attack for itself
Hunters now claims to have copied a large amount of data. They also appear to have paralyzed the IT system using ransomware. Although the criminals do not state the amount of money demanded on their website, they only give the hostels a few hours to publish the data if they do not pay.
In the darknet entry from the ransomware group Hunters, icons describe that the leak contains private data, personally identifiable information and financial and customer data. The copied data is said to be 29.3 GB in size. Screenshots to prove authenticity cannot currently be enlarged – the waiting period, 11 hours at the time of reporting, probably has to expire first. The perpetrators are building up more pressure in their news section. There, the group writes in a three-day-old entry that it wants to delete decryption keys this week. "We would like to inform anyone who may be affected that we will be deleting the decryption software including keys from any non-paying company this week. If anyone intends to pay, now is the time to do so," it says in the news section.
It is not yet possible to verify whether the cybergang has actually broken into the German youth hostels. The youth hostels were not immediately able to respond to an inquiry. The responsible data protection officer from North Rhine-Westphalia has also not yet responded to questions from heise online. We will update this report as soon as we receive answers.
Cyberattacks are now a daily occurrence. At the beginning of the month, for example, the cyber gang Ransomhub attacked the US gas and oil service provider Halliburton. IT security companies are also among the targets of attacks. The antivirus company Dr. Web initially took its virus signature update servers offline at the beginning of the week following a cyberattack, but has since been able to restore normal operations, according to its own statements.
(dmk)