US travel management company CWT paid $4.5 million in Bitcoin to hackers who stole sensitive corporate files. CWT has a global clientele and is the fifth-largest US travel company. The firm boasts an estimate of $1.5 billion in annual revenue and claims that it represents more than a third of companies on the S&P 500 US stock index.
The Firm Had No Other Choice
According to the Reuters report, the hackers hijacked CWT’s computer system, stole sensitive corporate files, and knocked computers offline as they were demanding a ransom to be paid. The attackers used ransomware identified as Ragnar Locker that encrypts and renders computer files unusable until the corporate victims pay for access to be restored.
The company confirmed the attack but refused to comment on the details regarding what it stated was an ongoing investigation. The firm said that it temporarily shut down its IT system as a precautionary measure after suffering a cyber-security breach on July 27.
In their ransomware note left on infected CWT computers, the hackers said to have stolen two terabytes of files, including security documents, financial reports, and employees’ personal data like salary information and email addresses.
However, hackers allegedly exaggerated that they infected 30,000 computers. The company said that no traveler and customer information has been compromised.
The ensuing ransom negotiations between a CWT representative and the hackers remained publicly accessible in an online chat group, thus providing some insight into the uneasy relationship between cybercriminals and their corporate victims.
The hackers initially demanded $10 million to be paid to restore the company’s files and delete all the stolen data.
The CWT representative engaged in the negotiations said they were acting on behalf of the company’s chief financial officer. The representative mentioned that the firm had been adversely affected by the coronavirus outbreak and agreed to pay $4.5 million in Bitcoin. Cryptocurrency transactions on the Public Ledger indicate that an online wallet controlled by the hackers obtained the requested payment of 414 Bitcoin on 28th July.
Rampant Ransomware Attacks
Ransomware attacks are on the rise and indicate no sign of slowing down. Despite the increased attention given to public headlines against cybercriminals, ransomware attacks have become a serious and consistent threat to businesses and private firms. Such attacks are known to cost billions of dollars every year, either in recovery costs or extorted payments.
Cybersecurity experts advise the general public to keep their data back-ups secure and to stop paying ransoms as this encourages further criminal attacks without a guarantee that the encrypted files would be restored.
Image source: Shutterstock