US business travel company CWT paid $4.5 million in Bitcoin ransom to hackers who stole sensitive files from the company.
According to a July 31 report from Reuters, representatives from CWT (formerly Carlson Wagonlit Travel) paid the ransomware hackers 414 Bitcoin (BTC) on July 27, about $4.5 million at the time, in two transactions. Blockchain data shows that the criminals transferred the funds to a different address within an hour.
The attackers said they used the Ragnar Locker ransomware to disable file access on 30,000 company computers and steal sensitive data. They initially asked for $10 million, but agreed to less than half after a representative from CWT claimed the company suffered financial losses during the pandemic.
Ransom negotiations visible to all
In an unusual show of seemingly cordial negotiations given the nature of the crime, a representative from CWT and a representative for the hackers discussed the price of restoring computer access in a publicly accessible online discussion group.
The group initially said such a ransom would likely be “much cheaper” than a trial. In the chat, they even offered a “bonus” of recommendations on how CWT could improve its security measures if they decided to pay.
Online chat between a CWT representative and hackers. Source: Jack Stubbs
According to the chat records, some of the ransomware group’s advice included updating passwords every month, having at least three system administrators working around the clock, and checking user privileges.
After CWT made the payment, the hackers ended the chat saying “it’s a pleasure to work with professionals.”
Easier to pay?
Many companies and organizations targeted by ransomware groups have ended up paying millions of dollars rather than risk having sensitive information disclosed or losing access to their computers for an extended period of time.
The University of California at San Francisco School of Medicine reportedly paid a ransom of $1.14 million in crypto to hackers behind a ransomware attack on June 1. Multinational tech company Garmin also recently received the decryptor to access their files following a massive hack, suggesting that the company may have paid all or part of the $10 million originally demanded by the hackers.
However, not everyone is inclined to give in to the demands of criminals. An anonymous English Football League club refused to pay a $3.6 million ransom demanded by hackers who targeted their corporate security systems in July. The refusal resulted in huge data loss.