With the limited information we could gather on the root cause, WiFi seems to be a conduit to carry out the attack. However, by itself, WiFi or any of its components do not seem to be vulnerable.
Apparently the attack gets seeded into the server, that is hosting some portal, by an unknown mechanism, that lands onto the client device when hotel guests connect via WiFi (during portal-based registration).
This is purely malware with remoting via C&C, which is best handled via security firms specializing in malware detection and prevention. We've read that the impact has been limited to less than a few dozen hotels. However, the exact count is difficult, since the self-erasure technique seems pretty sophisticated.
