WastedLocker Locked Down ‘Boyne Resorts’ Booking Systems

By Bill Toulas / October 24, 2020

The WastedLocker ransomware group has moved in a way that proves how targeted these crooks are, attacking the ski and golf resort operator ‘Boyne Resorts,’ just as the ski season is about to begin in the United States. Right now is a time when the reservations peak, as skiers are booking themselves ski sessions, teachers, hotel accommodation, etc.

At this moment in time, hitting Boyne Resorts is catastrophic for their business, as their eleven ski locations in the USA and Canada are now running the risk of operating below maximum capacity for extended periods.

This is all happening to increase the heat and force the victim to pay the ransom as quickly as possible, without being in a position to calmly negotiate anything. While the company hasn’t published anything official about this incident, its booking portals remain down, and the problem appears to persist since last week.

It is also unknown if WastedLocker managed to steal any files for purposes of controlled leakage like customer details, including PII and payment data. However, in this particular case, keeping the reservations system down should be enough for their extortion to work convincingly.

Ski resorts are generally experiencing a downfall, as the rising temperatures resulting from climate change are pushing activities to higher elevations and thus higher costs for both the visitors and the resort owners. Also, the economy isn’t favoring higher-cost sports like skiing, so the audience is gradually shrinking. According to the National Ski Areas Association in the US, ski and snowboard participants peaked in 2010 and have been falling steadily every year since then.

All that said, this ransomware attack will only make things even worse for Boyne Resorts and the business of skiing, and the 10,500 employees of the firm, many of which are seasonal, may see their salaries cut or even their jobs lost due to this security incident.

WastedLocker has had some high-profile successes lately, with the most notable being the Garmin attack in July, which resulted in an extensive service outage. In June, the group showed signs of preparing for attacks against large firms based mainly in the United States, and the relevant warnings to apply security and protection methods like network layering and segmentation were published.

Seeing the effect that the latest attack had on Boyne Resorts and how all of the individual booking systems of its hotels were affected at the same time, the company has most likely not followed proper security practices and has not taken the required protection measures.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari