{
	"id": "ca2a462f-3c03-4210-b8c7-efd93597c557",
	"created_at": "2026-04-06T00:07:54.214381Z",
	"updated_at": "2026-04-10T03:21:00.807806Z",
	"deleted_at": null,
	"sha1_hash": "58a57714ec607f9791b972ee3aa524fd3f0e7d1a",
	"title": "Nordic Choice Hotels hit by Conti ransomware, no ransom demand yet",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2187402,
	"plain_text": "Nordic Choice Hotels hit by Conti ransomware, no ransom demand yet\r\nBy Ax Sharma\r\nPublished: 2021-12-07 · Archived: 2026-04-05 17:52:23 UTC\r\nNordic Choice Hotels has now confirmed a cyber attack on its systems from the Conti ransomware group.\r\nThe incident primarily impacts the hotel's guest reservation and room key card systems.\r\nAlthough there is no indication of passwords or payment information being affected, information pertaining to guest\r\nbookings was potentially leaked.\r\nhttps://www.bleepingcomputer.com/news/security/nordic-choice-hotels-hit-by-conti-ransomware-no-ransom-demand-yet/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/nordic-choice-hotels-hit-by-conti-ransomware-no-ransom-demand-yet/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe Scandinavian hotel chain, with its brands—Comfort, Quality, and Clarion, employs over 16,000 staff members and has\r\n200 properties across Scandinavia, Finland, and the Baltics.\r\nKey cards out of service\r\nEarlier this week, Nordic Choice Hotels group announced its IT systems were hit by a \"computer virus\" on Thursday,\r\nDecember 2nd.\r\nThe incident left the hotel staff without access to the hotel's reservation systems that manage check-in, check-out, payments,\r\nand bookings.\r\nAlthough the staff switched to manual procedures to carry out business operations, the hotel advised guests that delays are to\r\nbe expected.\r\nMembers are currently unable to log in to their Nordic Choice Hotels accounts to book and manage reservations, or apply\r\nreward points, although it remains possible to book stays without being logged in:\r\nNordic Choice Hotels systems still facing 'technical issues' (BleepingComputer)\r\nA subsequent blog post by the hospitality group confirmed the scope of the incident expands to Nordic Choice Club\r\nmembers, in addition to the current hotel guests.\r\nOne of the hotel guests, security researcher Runa Sandvik also reported key cards being out of service:\r\nNo ransom demand yet, law enforcement engaged\r\nLaw enforcement agencies including the Norwegian Data Protection Authority and the Norwegian National Security\r\nAuthority were notified of the attack by the hotel company on December 2nd—the same day as the attack.\r\n\"Our investigations do not currently give any indication that data has been leaked, but we can't guarantee that is the case.\r\nTherefore, the incident entails a risk that information about the guests' bookings may be lost,\" explains the company in a\r\nrelease.\r\n\"This information consists of name, email address, telephone number, date of the visit and any information the guest may\r\nhave provided in connection with their visit. There is no indication that card or payment information has been leaked.\"\r\nAlthough the hospitality group cannot be sure of any data leak just yet, the decision to be transparent and inform its\r\nmembers of the incident is an effort to keep them alerted against any suspicious communications—texts, messages, phone\r\ncalls, or emails, that may be directed at them.\r\nAt this time, the hotel group has \"chosen not to contact\" the threat actors behind the attack, nor have they received a ransom\r\ndemand from the Conti ransomware group.\r\nBleepingComputer also did not come across the hotel group's name on Conti's data leak pages, indicating the ransomware\r\nattack is in early stages and negotiations may not have begun yet.\r\nConti ransomware is a private Ransomware-as-a-Service (RaaS) operation believed to be controlled by a Russian-based\r\ncybercrime group known as Wizard Spider.\r\nhttps://www.bleepingcomputer.com/news/security/nordic-choice-hotels-hit-by-conti-ransomware-no-ransom-demand-yet/\r\nPage 3 of 4\n\nConti shares some of its code with the notorious Ryuk Ransomware, whose TrickBot distribution channels they started using\r\nafter Ryuk activity decreased around July 2020.\r\nThis ransomware gang has previously targeted over a dozen healthcare and first responder organizations, and police\r\ndepartment systems.\r\nEarlier this year, Conti breached networks of Ireland's Health Service Executive (HSE) and Department of Health (DoH),\r\nasking the former to pay a $20 million ransom after successfully encrypting its systems.\r\n\"Over the weekend, we have managed to put in place replacement solutions at most of our hotels. The work is now in full\r\nswing to get everyone back into normal operation, something we think will be done within the next few days,\" says Bjørn\r\nArild Wisth, Deputy CEO at Nordic Choice Hotels.\r\nDuring the next few days, as the company works with law enforcement to remediate the cyber attack, some hotel properties\r\nmay continue to experience delays with regards to check-in, check-out, and reservation processes.\r\n\"Our customer center currently has limited opportunity to change and add bookings, but is in place to be able to answer any\r\nquestions. In that case, we recommend that you send us an email at booking@choice.no or use our website for further\r\ninformation,\" advises Nordic Choice Hotels.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/nordic-choice-hotels-hit-by-conti-ransomware-no-ransom-demand-yet/\r\nhttps://www.bleepingcomputer.com/news/security/nordic-choice-hotels-hit-by-conti-ransomware-no-ransom-demand-yet/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/nordic-choice-hotels-hit-by-conti-ransomware-no-ransom-demand-yet/"
	],
	"report_names": [
		"nordic-choice-hotels-hit-by-conti-ransomware-no-ransom-demand-yet"
	],
	"threat_actors": [],
	"ts_created_at": 1775434074,
	"ts_updated_at": 1775791260,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/58a57714ec607f9791b972ee3aa524fd3f0e7d1a.pdf",
		"text": "https://archive.orkl.eu/58a57714ec607f9791b972ee3aa524fd3f0e7d1a.txt",
		"img": "https://archive.orkl.eu/58a57714ec607f9791b972ee3aa524fd3f0e7d1a.jpg"
	}
}