Pierluigi Paganini September 30, 2023

The ALPHV/BlackCat ransomware gang added the hotel chain Motel One to the list of victims on its Tor leak site.

Motel One is a German hotel chain that offers budget-friendly accommodations primarily targeted at business and leisure travelers. It is known for its stylish and design-focused hotels that aim to provide a comfortable and affordable stay for guests.

The ALPHV/BlackCat ransomware gang added Motel One to the list of victims on its Tor leak site. The group claims to have stolen 24,449,137 files, approximately 6 TB of data.

The group reported that the alleged stolen data includes booking confirmations for the past 3 years. Exposed records include customers’ names, addresses, dates of reservation, payment method, and contact information.

The ALPHV group added that stolen files also include customers’ credit card and other sensitive information.

“Dear representatives of Motel One,

Due to the lack of any response from your side, we are releasing a teaser. We have extracted 24,449,137 files, approximately 6 TB of data. This data includes PDF & RTF booking confirmations for the past 3 years (5.5 TB) containing names, addresses, dates of reservation, payment method, and contact information. Additionally, there is a significant amount of your customers’ credit card data and internal company documents, which undoubtedly hold sensitive information. The public release of this data would create a negative media frenzy around your company and pose significant reputational and legal risks.” reads the message published on the leak site. “We would like to emphasize that your management is aware of the situation but has been delaying and making excuses. We are giving you 5 days before a catastrophe occurs for your company.”

The ransomware group threatens to leak the stolen data if the company does not pay the ransom within five days.

The Alphv ransomware group has been very active in this period, recently it claimed to have hacked Clarion, the global manufacturer of audio and video equipment for cars and other vehicles

BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA, the US defense contractor NJVC, gas pipeline Creos Luxembourg S.A., the fashion giant Moncler, the Swissport, NCR, and Western Digital.

The ransom demands of the group range from a few tens of thousands of dollars up to tens of millions of dollars.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Motel One)