A Travel Firm CWT has paid $4.5M to hackers

CWT ransomware attack

Cover image via stock.adobe.com

U.S. based corporate travel firm CWT has been targeted by hackers. According to a report from Reuters, they have paid 414 bitcoin to hackers on July 27- roughly $4.5 million at the time. Another data shows after an hour they have transferred the funds to a different address.

According to attackers, they have used Ragnar Locker ransomware to disable access to files on 30000 computers at the firm and steal sensitive data. In the beginning, they demanded $10 million, but when CWT representatives claimed that the firm had suffered financial losses during the pandemic, they agreed to accept less than half.

We are at the point where we couldn’t just call them “ransomware” attacks because they are not just locking you out of your files, there is a lot more they are doing during ransomware attacks

Firstly, they stole your files and delete the copies from your computer, and then sell your files back to you. 

Ransom Negotiations between CWT representative and the hacker

You can consider the nature of the crime with this chat between the hacker and CWT representative. They were discussing the price of restoring computer access in a publicly accessible online chat group. 

The group initially said that this ransom would probably be much cheaper than a lawsuit. Hacker offered that if the firm decided to pay, they would give them recommendations as to how CWT could improve its security measures. 

Chat between CWT and hackers

Online chat between CWT representative and hackers. Source: Jack Stubbs

According to chat records, hackers gave them some recommendations like updating passwords every month, having at least three system admin working for 24×7, and checking user privileges.

“It’s pleasure to work with professionals” was the last message of hackers. 

Payment rather than loss of data

Most of the cases organizations ready to pay millions of dollars rather than taking risk of sensitive data. On June 1, the University of California at San Francisco School of Medicine paid a $1.14 million ransom in crypto to hackers behind a ransomware attack.

Another example of tech company Garmin shows up. Recently the company has paid $10 million to hackers to regain access to their files.