Prominent US travel management agency CWT has paid 414 BTC amounting to $4.5 million to hackers who claimed to have compromised 30,000 computers and stolen sensitive corporate data from the firm.
A Reuters report said that, according to data from the ransom negotiations, the cybercriminals attacked the firm’s systems using the Ragnar Locker ransomware strain. The malware allowed them to encrypt CWT’s computer files, locking the firm out until it paid the ransom to have its access reinstated.
The negotiations happened in an open online chat between the hackers and a CWT negotiations representative. The evidence the hackers presented as proof that they had stolen two terabytes of data included screenshots of employees’ personal data, financial reports, security documents, salary information, and email addresses.
Hackers Say it’s Easier for CWT To Pay Ransom
Initially, the hackers had demanded a ransom of $10 million in BTC to restore all data and delete any copies that they had backed up elsewhere. In one of the chats, the hackers pointed out, in a very business-like manner, that it was more feasible for CWT to pay the ransom:
“It’s probably much cheaper than lawsuit expenses (sic), reputation loss caused by leakage.”
Last year, CWT’s revenues totaled $1.5 billion, with the firm claiming to represent over 70% of all companies on the US S&P 500 stock index. However, as the negotiations representative told the hackers on behalf of the firm, the coronavirus pandemic has hit CWT hard this year and it could only agree to go as high as $4.5 million.
A blockchain explorer shows that a hot wallet address belonging to the cybercriminals received 414 bitcoin. Ongoing investigations, however, have so far cast doubt on the hackers’ claim that they accessed as many as 30,000 computers. The firm said:
“We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased. While the investigation is at an early stage, we have no indication that personally identifiable information/customer and traveler information has been compromised.”
Cryptocurrencies Are Hardly To Blame for Cyber-criminal Activities
Collectively, corporations incur billions of dollars in losses every year in ransom payments. This highly lucrative business for cybercriminals is heavily frowned upon by law enforcement, but the criminals are getting slyer and choosing cryptocurrency payments for their high potential for transactional anonymity.
Bitcoin, as the top cryptocurrency, has especially been abused by cybercriminals and money launderers on multiple occasions. But according to Binance CEO Changpeng Zhao, it is hardly Bitcoin’s fault. If corporations want to protect their data, they will eventually have to step up and practice superior security measures:
“Again, not #bitcoin’s fault, but as we inevitably evolve into a more digital civilization, all businesses new and old will need to revamp their security practices. #SAFU”