Cl0p Ransomware Gang Claims Breach of Hilton, Allegedly Stealing 48.5GB of Data
The Russia-linked ransomware group Cl0p has added Hilton, one of the world’s largest hotel chains, to its dark web leak site, alleging a successful cyberattack. The claim, posted on January 25, lists hilton.com as the latest victim, though no independent verification or data samples have been provided to confirm the breach.
Cl0p, known for its double-extortion tactics, typically steals and encrypts victim data, then threatens to publish it unless a ransom is paid. In this case, the gang claims to have exfiltrated 48.5GB of documents from the Hyatt Place Chelsea New York hotel, making the data publicly accessible for download. The group’s unusual communication style, posting demands on its dark web blog rather than contacting victims directly, may stem from being overwhelmed by the volume of attacks.
Hilton, which operates over 600 properties across 94 countries and boasts 195 million loyalty program members, represents a high-value target due to its vast trove of customer and corporate data. Ransomware groups often calculate demands based on a victim’s revenue, with initial ransom requests ranging from 0.05% to 5% of annual earnings; Hilton reported $11.7 billion in revenue in 2023.
While Cl0p has a history of high-profile attacks, including breaches of file transfer platforms that impacted thousands of organizations, Hilton has not publicly confirmed the incident. The gang’s claims remain unverified, and no details about the type of data allegedly stolen have been disclosed.
This follows a recent ransomware attack on another U.S. hotel chain, underscoring the growing threat to the hospitality sector. Despite a 2021 law enforcement crackdown, Cl0p has resurged, operating under a ransomware-as-a-service (RaaS) model, where affiliates deploy its malware in exchange for a cut of ransom payments.
Source: https://cybernews.com/security/cl0p-hilton-hotel-ransomware-attack/
Hyatt cybersecurity rating report: https://www.rankiteo.com/company/hyatt
Hilton Worldwide cybersecurity rating report: https://www.rankiteo.com/company/hilton-worldwide
"id": "HYAHIL1769446839",
"linkid": "hyatt, hilton-worldwide",
"type": "Ransomware",
"date": "6/2021",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Hospitality',
'location': 'Global (headquartered in the U.S.)',
'name': 'Hilton',
'size': '600+ properties, 195 million loyalty program '
'members',
'type': 'Hotel chain'},
{'industry': 'Hospitality',
'location': 'New York, U.S.',
'name': 'Hyatt Place Chelsea New York',
'type': 'Hotel'}],
'data_breach': {'data_exfiltration': True,
'type_of_data_compromised': 'Documents'},
'date_publicly_disclosed': '2024-01-25',
'description': 'The Russia-linked ransomware group Cl0p has added Hilton, one '
'of the world’s largest hotel chains, to its dark web leak '
'site, alleging a successful cyberattack. The gang claims to '
'have exfiltrated 48.5GB of documents from the Hyatt Place '
'Chelsea New York hotel, making the data publicly accessible '
'for download. Hilton has not publicly confirmed the incident.',
'impact': {'data_compromised': '48.5GB of documents'},
'investigation_status': 'Unverified',
'motivation': 'Financial gain (double-extortion tactics)',
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Cl0p'},
'references': [{'date_accessed': '2024-01-25',
'source': 'Cl0p dark web leak site'}],
'threat_actor': 'Cl0p',
'title': 'Cl0p Ransomware Gang Claims Breach of Hilton, Allegedly Stealing '
'48.5GB of Data',
'type': 'Ransomware'}