Travel-management firm CWT paid $4.5 million in bitcoin to cyber extortionists

American travel-management company CWT paid 414 BTC ($4.5 million at the time of the transaction) to hackers who stole a large volume of confidential corporate information, Reuters.

The attackers used the Ragnar Locker ransomware, which encrypts data on the victim’s computers. They also claimed to have stolen 2 TB of data, including financial reports, security documents, and employees’ personal data.

Initially, the hackers demanded $10 million in cryptocurrency for a decryptor tool and the removal of the stolen data.

“This is probably far cheaper than the legal costs and reputational damage from the leak,” they stated in their correspondence with the firm.

A CWT spokesperson convinced them to lower the sum to $4.5 million, citing financial difficulties caused by the COVID-19 pandemic.

Fragment of a CWT representative’s correspondence with the hackers. Source: Reuters

The hackers said they had infected 30,000 of the company\’s computers. CWT, during the incident, disconnected them from the network, though the firm believes the number of infected machines was smaller.

“We can confirm that after a temporary shutdown of our systems as a precautionary measure they are back online, and the incident is over,” said CWT.

The company said it immediately notified U.S. law enforcement and European data-protection authorities. The investigation is ongoing, and CWT is not commenting on its progress.

According to the agency, last year the company\’s revenue was $1.5 billion. CWT says that its clients include more than a third of the companies in the S&P 500 index.

“According to FBI data, since 2013 ransomware has yielded hackers more than $144 million in bitcoin. Over the past two years, the average ransom size has risen by 200%, according to Crypsis Group.”

Subscribe to ForkLog news on Twitter!