Cyberattack hits Omni Hotels systems, taking out bookings, payments, door locks

As WhatsApp, Facebook Messenger, other Meta bits plus Apple stuff fall offline today

Updated Omni Hotels & Resorts' computer systems have been offline since Friday due to what the American luxury hospitality chain called a "disruption."

Latest: We now know that a cyberattack forced the Texas-based corporation to take parts of its IT environment down, as we've reported in an update below. What follows is our article as published.

On April 1, Omni, which owns more than 50 properties across the US and Canada, confirmed it was suffering an outage via social media:

Dear valued guests, our technology teams are continuing to work on restoring our systems that are currently down. Your business is very important to us; we appreciate your patience and apologize for the disruption. Please check back here for updates.

Neither Omni nor TRT Holdings, which owns the hotel chain, could answer The Register's specific inquiries about the IT breakdown, including whether it was due to a ransomware infection and when it anticipated restoring normal operations.

As of Wednesday, the corporation's phone systems weren't working, and a pre-recorded message tells callers: "We are currently experiencing technical difficulties."

Reportedly the chain-wide outage began on Friday and shut down reservation, hotel room door lock, and point-of-sale (POS) systems.

Don't worry: Bar still open!

On Reddit, guests at locations across the country confirmed systems were broken, noted that the bar was still open (at least in the Washington DC location), and reminded folks to be courteous to hotel staff, who were roundly praised for their grace in what was sure to be a rough Easter weekend.

"Checking in on paper, no card machines work, even room keys do not work," said one hotel guest who was staying at the Louisville Omni. "Everyone has to be escorted to their room by an employee and the phones and Wi-Fi are down."

Another guest said getting into your room required texting the hotel staff to unlock the door, which took 30 minutes or more.

One Reddit user, who claimed to be a "low-level" Omni employee, said their hotel was only accepting reservations made prior to the outage. The whole situation is "a mess for every party involved. It has been a very stressful work weekend," the netizen vented on the forum.

"We all feel terrible for the inconvenience for all the guests and the stress of not knowing if we'll be able to earn an income during the downed server. For all of you staying at properties, and have chosen to stay, thank you – Omni will surely lose millions over this attack and lose loyal customers. I promise my property will do anything we can to make this inconvenience as smooth as possible."

While neither the resort chain nor its parent company has indicated that cybercriminals are responsible for the downed IT systems, the outage does draw many parallels to the MGM Resorts ransomware infection in September.

Scattered Spider, the crime gang believed to be responsible for both the MGM and Caesars Entertainment digital intrusions, reportedly bragged that all it took to break into MGM's networks was a 10-minute call hoodwinking a help desk.

MGM famously did not pay the ransom demand, then suffered nearly a week of outages, operational disruptions, and the wrath of angry customers. It later said the incident cost it about $100 million in losses, plus its stolen data was reportedly leaked not long after. ®

Updated to add at 2200 UTC

Omni has admitted what many suspected: The hotel chain's computer woes are due to an attack on its IT environment, and we're told services are being restored.

"Since Friday, March 29, Omni Hotels & Resorts has been responding to a cyberattack on its systems," the biz said in a statement.

"Upon learning of this issue, Omni immediately took steps to shut down its systems to protect and contain its data. As a result, certain systems were brought offline, most of which have been restored.

"As our team works diligently to restore the remainder of the systems to full functionality, we continue to welcome our guests and accept new reservations. We apologize for the disruption and inconvenience this cyberattack is causing."

A security firm has been brought in to investigate what, if any, data was lost or stolen, and the true extent of the attack.

Speaking of outages... Now Meta and Apple

If you're having problems using WhatsApp, Facebook Messenger, Instagram, and Meta's ad tools right now or earlier today, it's not you – they are or were down around the world, too.

"We are currently experiencing an outage impacting service on Messenger Platform," the social network giant said in a status update today. "This issue started at 04-03-2024 at 1110 AM PST. Our engineering teams are investigating the issue."

The Ads Transparency suite is also knackered, as is the WhatsApp Business Cloud API and the main mobile chat app, with messages being undelivered for users.

"We are aware that some advertisers may be having trouble creating or editing their ads in Ads Manager," Meta added (no pun intended). "Our engineering teams are aware and are actively looking to resolve the issue as quickly as possible."

That said, some netizens say services are coming back online after being unavailable, so your mileage may vary.

Also, Apple suffered downtime today, with the iOS and macOS App Stores, Apple Music, Apple TV channels, and other services experiencing an hour-plus outage from 1513 to 1635 PT.
