Table of Contents
Will the Akira Ransomware Assault on Steigenberger Hotels Cause Lasting Damage?
A significant cyberattack reportedly struck the H World Hotel Group—including Steigenberger and other brands—in late May 2025. While official confirmation is pending, multiple indicators and insider claims point to a ransomware incident attributed to the Akira group, a well-known cybercriminal organization targeting global businesses.
Attack Scope
The attack allegedly affected multiple hotels, particularly in Germany, with key systems such as key cards, payment terminals, and reservation software rendered inoperable. Manual booking processes were reportedly implemented as a stopgap. The Akira ransomware group is suspected based on internal communications, though no public confirmation or leak has surfaced yet.
Data Compromised
Sensitive information, including booking data, invoices, voucher codes, and unencrypted credit card details, may have been exfiltrated and encrypted. The absence of recent data backups has exacerbated the crisis, with backups reportedly discontinued years ago for cost reasons.
Operational Impact
Central systems failed, causing significant disruption to hotel operations. The group’s official German website experienced intermittent outages, and the press contact form was non-functional.
Historical Context
H World Group, formerly Huazhu Hotels Group, is a major Chinese hospitality conglomerate operating over 11,000 hotels worldwide under brands such as HanTing, JI Hotel, Orange Hotel, Hi Inn, Steigenberger, IntercityHotel, Ibis, and others. The group previously suffered a major data breach in 2018, affecting 130 million guest records.
About Akira Ransomware
Akira is a ransomware-as-a-service operation active since 2023, notorious for rapid data exfiltration and double-extortion tactics—encrypting files and threatening public data leaks if ransoms are not paid. The group targets organizations globally, including critical infrastructure and hospitality, and has extracted tens of millions in ransom payments. Akira’s attacks often exploit VPN vulnerabilities and lack of multi-factor authentication, and the malware can impact both Windows and Linux systems.
Key Risks and Implications
Customer Data Exposure
Potential exposure of personal and financial information, including unencrypted credit card data, poses severe risks for affected guests and corporate clients.
Business Continuity
Disruption of core hotel operations, loss of digital booking capabilities, and manual workarounds can damage the brand and result in financial losses.
Regulatory and Legal
The lack of data backups and storage of sensitive data in plain text may lead to regulatory scrutiny and penalties under data protection laws.