Travel giant CWT pays $6.3m ransom to cyber criminals – Security

US travel management firm CWT paid US$four.5 million (A$6.3 million) to hackers who stole reams of sensitive corporate data files and said they had knocked 30,000 computers offline, according to a report of the ransom negotiations seen by Reuters.

The attackers used a strain of ransomware named Ragnar Locker, which encrypts computer data files and renders them unusable until eventually the victim pays for obtain to be restored.

The ensuing negotiations concerning the hackers and a CWT consultant remained publicly obtainable in an on line chat team, delivering a uncommon perception into the fraught relationship concerning cyber criminals and their corporate victims.

CWT, which posted revenues of US$one.5 billion last calendar year and says it represents more than a third of companies on the S&P five hundred US inventory index, verified the assault but declined to comment on the specifics of what it said was an ongoing investigation.

“We can confirm that soon after briefly shutting down our techniques as a precautionary measure, our techniques are back again on line and the incident has now ceased,” it said in a assertion.

“Even though the investigation is at an early phase, we have no sign that personally identifiable data/buyer and traveller data has been compromised.”

CWT said it had right away educated US regulation enforcement and European info defense authorities.

A individual familiar with the investigation said the company considered the amount of contaminated computers was significantly a lot less than the 30,000 the hackers advised CWT they had contaminated.

The hackers to begin with demanded a payment of US$ten million to restore CWT’s data files and delete all the stolen info, according to the messages reviewed by Reuters.

“It truly is probably a lot cheaper than lawsuits costs (sic), popularity decline triggered by leakage,” the attackers wrote on July 27.

The CWT consultant in the negotiations, who said they were being acting on behalf of the firm’s chief economical officer, said the company had been poorly strike by the COVID-19 pandemic and agreed to pay back US$four.5 million in the digital forex bitcoin.

“Alright let’s get this moving forward. What are the following steps?” the consultant said soon after agreeing to the ransom.

A community ledger of digital forex payments, known as the blockchain, demonstrates that an on line wallet controlled by the hackers gained the requested payment of 414 bitcoin on July 28.

Messages despatched to e mail addresses used by the hackers went unanswered.

In a ransom observe still left on contaminated CWT computers and screenshots posted on line, the hackers claimed to have stolen two terabytes of data files, which includes economical reviews, security files and employees’ personalized info this kind of as e mail addresses and salary data.

It was not clear no matter if info belong to any of CWT’s customers, which includes Thomson Reuters, was compromised.

Western security officers say ransomware assaults are a dependable and major risk to companies and non-public companies, in spite of the enhanced awareness ordinarily supplied to the headline-grabbing antics of state-backed hackers.

Such assaults are considered to value billions of dollars each and every calendar year, both in extorted payments or recovery charges.

Cybersecurity industry experts say the best defence is to maintain protected info back again-ups, and that paying ransoms encourages even further legal assaults without the need of any warranty that the encrypted data files will be restored.