Selloff or Market Correction? Either Way, Here's What to Do NextSee Overvalued Stocks

'Payment sent' - travel giant CWT pays $4.5 million ransom to cyber criminals

Published 07/31/2020, 09:58 AM
Updated 07/31/2020, 11:11 AM
© Reuters. Projection of cyber code on hooded man is pictured in this illustration picture
TRI
-

By Jack Stubbs

LONDON (Reuters) - U.S. travel management firm CWT paid $4.5 million this week to hackers who stole reams of sensitive corporate files and said they had knocked 30,000 computers offline, according to a record of the ransom negotiations seen by Reuters.

The attackers used a strain of ransomware called Ragnar Locker, which encrypts computer files and renders them unusable until the victim pays for access to be restored.

The ensuing negotiations between the hackers and a CWT representative remained publicly accessible in an online chat group, providing a rare insight into the fraught relationship between cyber criminals and their corporate victims.

CWT, which posted revenues of $1.5 billion last year and says it represents more than a third of companies on the S&P 500 U.S. stock index, confirmed the attack but declined to comment on the details of what it said was an ongoing investigation.

"We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased," it said in a statement.

"While the investigation is at an early stage, we have no indication that personally identifiable information/customer and traveller information has been compromised."

CWT said it had immediately informed U.S. law enforcement and European data protection authorities.

A person familiar with the investigation said the company believed the number of infected computers was considerably less than the 30,000 the hackers told CWT they had infected.

DIGITAL RANSOM NOTE

The hackers initially demanded a payment of $10 million to restore CWT's files and delete all the stolen data, according to the messages reviewed by Reuters. "It's probably much cheaper than lawsuits expenses (sic), reputation loss caused by leakage," the attackers wrote on July 27.

The CWT representative in the negotiations, who said they were acting on behalf of the firm's chief financial officer, said the company had been badly hit by the COVID-19 pandemic and agreed to pay $4.5 million in the digital currency bitcoin.

"Okay let's get this moving forward. What are the next steps?" the representative said after agreeing to the ransom.

A public ledger of digital currency payments, known as the blockchain, shows that an online wallet controlled by the hackers received the requested payment of 414 bitcoin on July 28.

Messages sent to email addresses used by the hackers went unanswered.

In a ransom note left on infected CWT computers and screenshots posted online, the hackers claimed to have stolen two terabytes of files, including financial reports, security documents and employees' personal data such as email addresses and salary information.

It was not clear whether data belong to any of CWT's customers, including Thomson Reuters (NYSE:TRI), was compromised.

Western security officials say ransomware attacks are a consistent and serious threat to businesses and private companies, despite the increased attention usually given to the headline-grabbing antics of state-backed hackers.

Such attacks are thought to cost billions of dollars each year, either in extorted payments or recovery costs.

© Reuters. Travel giant CWT pays $4.5 mln ransom to cyber criminals

Cybersecurity experts say the best defence is to keep secure data back-ups, and that paying ransoms encourages further criminal attacks without any guarantee that the encrypted files will be restored.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.