Skip to content

Travel management company CWT paid $ 4.5 million for the ransomware ransom

August 3, 2020

American business travel company CWT paid $ 4.5 million in ransom money for hackers who stole sensitive corporate files.

According to a Reuters report dated July 31 CWT employees (formerly Carlson Wagonlit Travel) paid hackers 414 Bitcoin (BTC) on July 27, around $ 4.5 million at this point for two transactions. Blockchain data shows that The criminals sent the money to another address within an hour.

The attackers said they used Ragnar Locker ransomware to disable file access on 30,000 corporate computers and steal confidential data.. They initially claimed $ 10 million, but accepted less than half after a CWT representative said the company had suffered financial losses during the pandemic.

The rescue negotiations are in full swing

Travel management company CWT paid $ 4.5 million for the ransomware ransomTravel management company CWT paid $ 4.5 million for the ransomware ransom

In an unusual show of seemingly cordial negotiations, considering the nature of the crime, A CWT representative and one of the hackers discussed the price of restoring computer access in a publicly available online chat group.

The group initially said that such a bailout would likely be “much cheaper” than a lawsuit.. In chat, they even offered a “bonus” of recommendations on how CWT could improve their security measures if they choose to pay.

Online chat between CWT representatives and hackers

Online chat between CWT representatives and hackers. Source: Jack Stubbs

According to records from the chat, Tips from the hacker group included monthly password updates, at least three system administrators working at the same time, and checking user rights.

After CWT made the payment, hacker finished Chat with “It’s a pleasure to work with professionals”.

Is it easier to just pay?

Many target companies and organizations belonging to ransomware hacker groups ended up paying millions of dollars instead of risking the disclosure of confidential information or have the prospect of not having access to their computers for a long period of time.

According to reports The University of California San Francisco School of Medicine paid hackers responsible for a ransomware attack on June 1 a ransom of $ 1.14 million in cryptocurrency. Multinational technology company Garmin recently received the decryptor to access its files after a massive attack, suggesting that the company paid all or part of the $ 10 million that hackers originally requested.

However, not everyone is inclined to give in to criminals’ demands. An unnamed English Football League club refused to pay a $ 3.6 million ransom demanded by hackers who attacked its corporate security systems in July. The club refused to pay, which resulted in huge data loss.

Receive Breaking News !

Install
×
Enable Notifications    Ok No thanks