IHG

Leading hospitality company InterContinental Hotels Group PLC (also known as IHG Hotels & Resorts) says its information technology (IT) systems have been disrupted since yesterday after its network was breached.

IHG is a British multinational company that currently operates 6,028 hotels in more than 100 countries and has more than 1,800 in the development pipeline.

Its brands include luxury, premium, and essential hotel chains such as InterContinentalRegent, Six SensesCrowne PlazaHoliday Inn, and many others.

"InterContinental Hotels Group PLC (IHG or the Company) reports that parts of the Company's technology systems have been subject to unauthorised activity," the company said in a filing with the London Stock Exchange on Tuesday.

"IHG's booking channels and other applications have been significantly disrupted since yesterday, and this is ongoing."

The global hotel group has hired the services of external experts to investigate the incident and is also notifying relevant regulatory authorities.

Signs of a ransomware attack?

While the company did not reveal any details regarding the nature of the attack, it did mention in its disclosure that it's working on restoring impacted systems.

This hints at a possible ransomware attack where the threat actors have deployed ransomware payloads and encrypted systems on IHG's network.

In most ransomware incidents, the attackers will also steal sensitive information from their targets' networks before encryption.

This is later used in double extortion schemes where the victims are pressured into paying a ransom under the threat of leaking the stolen data.

"IHG is working to fully restore all systems as soon as possible and to assess the nature, extent and impact of the incident," IHG added.

"We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG's hotels are still able to operate and to take reservations directly."

Last month, the Lockbit ransomware gang claimed an attack on Holiday Inn Istanbul Kadıköy, one of the hotels operated by IHG.

Holiday Inn Istanbul Kadıköy Lockbit attack claim
Holiday Inn Istanbul Kadıköy Lockbit attack claim (BleepingComputer)

From BleepingComputer's tests, the hotel group's APIs are also down and showing 502 and 503 HTTP errors.

Customers are also unable to log in at the moment, with IHG's app displaying "Something went wrong. The credentials you entered are invalid. Please reset your password or contact Customer Care." errors.

IHG app login error
IHG app login error (BleepingComputer)

Cybercrime intelligence company Hudson Rock says that IHG has at least 15 compromised employees and more than 4,000 compromised users, according to data linked to the ihg[.]com domain.

The hotel chain giant was also the target of a three-month security breach in 2017—between September 29 to December 29—when more than 1,200 InterContinental franchised hotels in the United States were impacted.

An IHG spokesperson denied commenting when contacted by BleepingComputer earlier today, saying that "outside of the statement, we don't have any more that we can say at the moment."

Related Articles:

Prudential Financial breached in data theft cyberattack

Steel giant ThyssenKrupp confirms cyberattack on automotive division

Unsaflok flaw can let hackers unlock millions of hotel doors

What the Latest Ransomware Attacks Teach About Defending Networks

Fujitsu found malware on IT systems, confirms data breach