UPDATED 22:38 EDT / AUGUST 02 2020

SECURITY

Travel management company CWT hands over $4.5M following ransomware attack

Business travel management company CWT Global B.V. is the latest company to pay a ransom demand following a ransomware attack.

According to report Friday by Reuters, the company paid $4.5 million to those behind the ransomware after the attack knocked some 30,000 of the company’s computers offline.

The hackers are also alleged to have stolen reams of sensitive corporate files, although the company denies it. CWT is one of the largest travel companies in the U.S. and ranks fifth on a list of the top-earning travel companies in the world. Its clients include a third of the companies on the S&P 500 U.S. stock index.

The ransomware attack is said to have involved Ragnar Locker, a form of ransomware attacks Microsoft Windows and usually targets software used by managed service providers to prevent the attack from being detected and stopped. Once successfully deployed on a targeted computer or network, Ragnar Locker at first performs reconnaissance and pre-deployment tasks, including stealing a victim’s files, before encrypting files and demanding a ransom.

Those behind Rangar Locker are believed to be independent but in the past have teamed with the Maze ransomware gang to extort victims.

Remarkably, negotiations between CWT and those behind the attack were undertaken on a publicly accessible online chat group. The hackers initially demanded a payment of $10 million to restore CWT’s files and delete all stolen data, saying that “it’s probably much cheaper than lawsuits expenses [sic], reputation loss caused by leakage.” A representative of CWT said it was acting on behalf of the company’s chief financial officer and wrote that the company had been hit hard by COVID-19 and would agree to pay $4.5 million instead.

Reuters notes that a payment equivalent to $4.5 million in bitcoin was subsequently sent to a wallet controlled by the hackers on July 28.

Some companies feel that they have no choice other than to pay a ransom to restore computer networks or prevent the distribution of stolen data, but doing so only empowers hackers to try their luck with more companies. Sneha Kokil, software security consultant at electronic design automation firm Synopsys Inc., told SiliconANGLE last year that “security experts suggest not paying ransoms because it may encourage expanded or copycat attacks” and that “additionally, in many cases there is no guarantee that the paid ransom will release the decryption key for you to access the data being held for ransom.”

Image: CWT

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU