- CWT has paid a ₿414 ($4.5 Million) ransom to hackers who claimed to have compromised 30,000 computers
- The hackers also claimed to have stolen two terabytes of company information
- The ransom payment discussions were held on a public chat group
CWT, the Minnesota-based travel company which posted $1.5 billion in profits last year, has paid out a ₿414 ($4.5 Million) ransom to hackers who claimed they knocked 30,000 computers offline and stole two terabytes worth of sensitive corporate data. The hackers initially demanded $10 million in Bitcoin but settled for $4.5 million, with the company claiming the impact of coronavirus meant that they couldn’t afford the full ransom.
CWT Hit by Ragnar Locker Ransomware
According to Reuters, CWT was hit by ransomware called Ragnar Locker, a strain that encrypts computer files and renders them inaccessible until the victim pays for a decryption tool. Despite Reuters citing an insider as saying that the number of impacted computers was “considerably less than the 30,000 the hackers told CWT they had infected”, the company was still concerned enough with what had been taken to pay the ransom.
In the hackers’ pitch they had claimed that the reputational damage caused by a leak of the stolen information, plus the legal costs that would be associated with the inevitable lawsuits, would be far in excess of the $10 million they initially asked for.
Negotiations Held in Public Chat Group
The hackers left a ransom note on infected CWT computers claiming to have stolen a huge amount of company information, including financial reports, security documents, and employees’ personal data such as salary and contact information. Incredibly, negotiations between the hackers and a CWT representative were publicly accessible in an online chat group, where the two avatars concluded their surreal business.
Ransomware attacks like this are nothing new of course, but the public nature of the discussions offered an insight into how such deals are seemingly arranged. A bill proposed in New York earlier this year following several high profile attacks would make paying hackers illegal.