conti attacks WELCOME HOTELS

Incident Date:

March 23, 2022

World map



conti attacks WELCOME HOTELS






Frankfurt, Germany

Frankfurt, Germany

First Reported

March 23, 2022

Welcome Hotels Ransomware Attack

Overview of the Incident

Welcome Hotels, a prominent player in the hospitality industry known for its unique combination of historical and contemporary offerings, recently fell victim to a ransomware attack orchestrated by the Conti group. This incident was brought to light through a disclosure on the group's dark web portal, which also inadvertently confirmed the company's online presence through their official website.

The hospitality firm, celebrated for its family-friendly hotels that provide a plethora of services ranging from urban explorations to wellness getaways, has a significant footprint across various German states such as North Rhine-Westphalia, Hessen, and Baden-Württemberg. While specific details regarding the scale of Welcome Hotels' operations remain undisclosed, the sector's susceptibility to cyber threats is well-documented, with hotels often being prime targets due to the potential for considerable operational disruptions and financial losses.

Analysis of the Attack

The Conti ransomware group, notorious for its bold strategies and preference for high-value targets, has openly claimed responsibility for this breach. Despite this admission, it remains uncertain whether Welcome Hotels has acquiesced to any ransom demands or if any exfiltrated data has been published.

Ransomware attacks, particularly those executed by well-organized syndicates like Conti, underscore the critical need for stringent cybersecurity defenses across all business sectors, with the hospitality industry being no exception. These incidents highlight the ongoing challenges organizations face in safeguarding their digital and operational integrity against increasingly sophisticated cyber adversaries.


Due to the dynamic nature of cyber threats and the specifics of this incident, the following sources have been consulted to ensure accurate and comprehensive coverage:

Please note that any references to potentially harmful domains have been omitted to maintain the integrity and reliability of the information presented.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.