Business

‘Payment sent’ – travel giant CWT pays US$4.5 million ransom to cyber criminals

FILE PHOTO: A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

31 Jul 2020 10:00PM

LONDON: U.S. travel management firm CWT paid US$4.5 million this week to hackers who stole reams of sensitive corporate files and said they had knocked 30,000 computers offline, according to a record of the ransom negotiations seen by Reuters.

The attackers used a strain of ransomware called Ragnar Locker, which encrypts computer files and renders them unusable until the victim pays for access to be restored.

The ensuing negotiations between the hackers and a CWT representative remained publicly accessible in an online chat group, providing a rare insight into the fraught relationship between cyber criminals and their corporate victims.

CWT, which posted revenues of US$1.5 billion last year and says it represents more than a third of companies on the S&P 500 U.S. stock index, confirmed the attack but declined to comment on the details of what it said was an ongoing investigation.

"We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased," it said in a statement.

"While the investigation is at an early stage, we have no indication that personally identifiable information/customer and traveller information has been compromised."

CWT said it had immediately informed U.S. law enforcement and European data protection authorities.

A person familiar with the investigation said the company believed the number of infected computers was considerably less than the 30,000 the hackers told CWT they had infected.

DIGITAL RANSOM NOTE

The hackers initially demanded a payment of US$10 million to restore CWT's files and delete all the stolen data, according to the messages reviewed by Reuters. "It's probably much cheaper than lawsuits expenses (sic), reputation loss caused by leakage," the attackers wrote on July 27.

The CWT representative in the negotiations, who said they were acting on behalf of the firm's chief financial officer, said the company had been badly hit by the COVID-19 pandemic and agreed to pay US$4.5 million in the digital currency bitcoin.

"Okay let's get this moving forward. What are the next steps?" the representative said after agreeing to the ransom.

A public ledger of digital