Akira Ransomware Group: A Threat to GCH Hotel Group's Data Security

Incident Date:

April 30, 2024

World map

Overview

Title

Akira Ransomware Group: A Threat to GCH Hotel Group's Data Security

Victim

GCH Hotel Group

Attacker

Akira

Location

Berlin, Germany

, Germany

First Reported

April 30, 2024

Ransomware Attack on GCH Hotel Group by Akira: An In-depth Analysis

Company Profile

The GCH Hotel Group, officially known as GCH Hotels GmbH, is a leading hotel management company based in Berlin, Germany. With a significant presence in Europe, the company operates over 120 hotels across Germany, Belgium, Cyprus, Austria, and the Netherlands. It manages more than 15,000 hotel rooms and accommodates over three million guests annually. The company is renowned for its collaboration with major franchise brands including Wyndham, Radisson Blu, and Hilton, among others.

Employing approximately 289 individuals, GCH Hotel Group reported an annual revenue of $11.8 million in 2024. The company is distinguished by its comprehensive range of services such as sales & marketing, e-commerce, and IT support, which contribute to its robust operational framework.

Details of the Ransomware Attack

The company recently fell victim to a ransomware attack orchestrated by the Akira ransomware group. During the attack, approximately 45 GB of sensitive data was exfiltrated, including personal documents of clients, non-disclosure agreements, and various financial documents. The specifics of the ransom demand have not been disclosed, highlighting the ongoing investigation and response efforts.

Akira Ransomware Group Profile

Akira, a ransomware family that emerged in March 2023, is known for its affiliation with the defunct Conti ransomware gang. The group employs double extortion tactics, which involve stealing data prior to encrypting the victim's systems. Akira's operations have expanded to include targeting Linux-based VMware ESXi virtual machines, showcasing their adaptability and technical prowess.

The group's ransom demands typically range from $200,000 to over $4 million, and they have claimed over 250 victims with ransomware proceeds amounting to $42 million as of January 2024.

Potential Vulnerabilities and Entry Points

The hospitality sector, including companies like GCH Hotel Group, often manages vast amounts of personal and financial data, making them attractive targets for cybercriminals. Potential vulnerabilities could include insufficient cybersecurity measures on VPNs, outdated software systems, or inadequate employee training on phishing and other cyber threats. Akira's known methods of attack, such as credential theft and lateral movement, suggest that these could have been potential entry points in the GCH Hotel Group's network.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.