Inside a Ransomware Hit at Nordic Choice Hotels

Nordic Choice Hotels, a chain with more than 200 hotels across Scandinavia and the Baltic countries, is still dealing with technology problems and the fallout from a data leak after a Dec. 1 ransomware attack.

Immediately after the incident, the company shut down corporate computers, check-in desks and machines such as music systems, and disconnected computers from the internet, said Kari Anna Fiskvik, Nordic Choice’s vice president of technology.

Kari Anna Fiskvik, vice president of technology at Nordic Choice Hotels



Hotel staff recorded check-in details with pens and paper, and escorted guests to their rooms because digital keycards didn’t work, Ms. Fiskvik said. Just as hackers struck, hotel business was booming again after long pandemic-related lockdowns.

“We were a good target because we were tired already,” she said.

More than five weeks after hackers hit, glitches continue in machines that provide heating, music and other services, she said.

Nordic Choice, an independent franchisor of Rockville, Md.-based

Choice Hotels International Inc.,

operates hotels in Norway, Sweden, Denmark, Finland and Lithuania. A spokesperson for Choice Hotels International said there is no indication the attack affected its technology systems.

An investigation found that hackers had infiltrated Nordic Choice’s systems 36 to 48 hours before launching the attack through a phishing email that appeared to be sent by a tour operator in frequent contact with the company, Ms. Fiskvik said.

Ransomware attacks are increasing in frequency, victim losses are skyrocketing, and hackers are shifting their targets. WSJ’s Dustin Volz explains why these attacks are on the rise and what the U.S. can do to fight them. Photo illustration: Laura Kammermann