Ransomware Infects a Hotel's Key System

An anonymous reader writes: A luxury hotel "paid "thousands" in Bitcoin ransom to cybercriminals who hacked into their electronic key system. The "furious" hotel manager says it's the third time their electronic system has been attacked, though one local news site reports that "on the fourth attempt the hackers had no chance because the computers had been replaced and the latest security standards integrated, and some networks had been decoupled." The 111-year-old hotel is now planning to remove all their electronic locks, and return to old-fashioned door locks with real keys. But they're going public to warn other hotels -- some of which they say have also already been hit by ransomware.
UPDATE: The hotel's managing director has clarified today that despite press reports, "We were hacked, but nobody was locked in or out" of their rooms.

Re: Yay, connectivity and IoT

[ShanghaiBill]

Was it connected to the internet?

Apparently. According to TFA, the hackers were able to lock all the doors, trapping some guests in their rooms. I don't see how they could have done that if the locks were not accessible over the internet.

I know nothing about Austrian law, but in America this lock system would have been ILLEGAL, and I am astonished that something like this was ever designed and installed. It is a blatant violation of every fire code I have ever seen. Locking people out is fine, but you NEVER NEVER NEVER lock people IN, nor do you ever design something where human safety depends on software or electricity. Egress should always be possible using only mechanical means.