Daixin Ransomware Claims Omni Hotels Cyberattack

Written by Mitchell Langley

April 17, 2024

Daixin Ransomware Claims Omni Hotels Cyberattack

The Daixin Team ransomware gang has taken responsibility for a recent cyberattack on Omni Hotels & Resorts and is currently issuing threats to publish sensitive customer information unless a ransom is paid.

This development comes after the hotel chain experienced a significant IT outage that affected their reservation systems, hotel room door locks, and point-of-sale (POS) systems. The Omni Hotels Cyberattack was confirmed by Omni Hotels on April 2nd as the underlying cause of the widespread IT disruption across their locations.

“Since Friday, March 29, Omni Hotels & Resorts has been responding to a cyberattack on its systems. Upon learning of this issue, Omni immediately took steps to shut down its systems to protect and contain its data,”

“As a result, certain systems were brought offline, most of which have been restored. Omni quickly launched an investigation with a leading cybersecurity response team, which is ongoing.”

The hotel chain said in a statement.  

Although Omni Hotels had not publicly disclosed the details of the incident, reliable sources informed that the hotel chain fell victim to a ransomware attack and was in the process of manually restoring encrypted servers using backups.

Despite being added to the leak site of the Daixin Team, as initially reported by DataBreaches.net, no concrete evidence has been published on the site as of yet.

Daixin Ransomware Say They Will Leak Data Stolen in Omni Hotels Cyberattack

The Daixin Ransomware Team has issued a statement indicating their intention to release information that they claim was stolen from Omni Hotels’ compromised servers.

This includes records of all visitors from 2017 to the present. While a specific timeline for the leak has not been provided, the group did share screenshots of the stolen data with DataBreaches.net.

These screenshots revealed a database dump containing approximately 3,539,089 records of Omni Hotels visitors. The exposed information includes sensitive details such as names, email addresses, and mailing addresses.

Daixin Ransomware Team

In October 2022, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a warning regarding the targeting of the U.S. Healthcare and Public Health (HPH) sector by the Daixin Team ransomware cybercrime gang.

This group, driven by financial motives, has been involved in various incidents where they have encrypted systems and stolen sensitive data, including patient health information (PHI) and personally identifiable information (PII).

They employ a tactic known as double extortion, which involves pressuring victims into paying a ransom by threatening to release the stolen data online.

The Daixin Team gains unauthorized access to their target networks by exploiting known vulnerabilities in the organizations’ VPN servers or by utilizing compromised VPN credentials that belong to accounts with disabled multi-factor authentication (MFA).

Omni Hotels operates a total of 50 hotels and resorts across the United States, Canada, and Mexico, boasting over 23,550 rooms and 28 golf courses.

In 2016, the company experienced a data breach caused by malware infecting the point-of-sale (PoS) systems at 49 out of their 60 hotels in North America.

As a result, the attackers were able to obtain sensitive payment card information, including the cardholder’s name, credit/debit card number, security code, and expiration date.

Related Articles

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!