
Travel Management Company CWT Pays $4.5 Million in BTC Ransom

cryptovibes.com, 03 August 2020 14:06 UTC

US-based corporate travel firm CWT recently paid $4.5 million in Bitcoin to hackers. The malicious operators had stolen sensitive files from the company and demanded a ransom in return.

Lower from initial demands

The hackers initially demanded a ransom of $10 million to restore the travel company's access to its sensitive files and delete all the stolen data. On July 27, the company paid the hackers 414 BTC, worth roughly $4.5 million. The payment was made in two transactions. The hackers transferred the money to a different wallet address within one hour. The report was published by Reuters on July 31.

The attackers used Ragnar Locker ransomware to lock access to files on the firm’s 30,000 computers. They also stole sensitive data from the company. The hackers accepted less than half of their initial demand after a company representative told them about the losses the firm had suffered because of the pandemic.

Cordial negotiations

The negotiations between the hackers and CWT were unusually cordial, even though the hackers had gotten hold of sensitive files from the firm’s systems. The hackers discussed the ransom amount with the firm’s representatives in an online chat group that was publicly accessible. Initially, they stated that paying a ransom would be “much cheaper” than filing a lawsuit. They then said they would add a bonus for the firm once it made the payment: recommendations on ways it could improve its security measures.

The chat records show that the group advised the company to change passwords every month and to add at least three system administrators who continue working at all times. It also asked the firm to check user privileges regularly. After the payment was made, the hackers ended the chat by writing “it’s a pleasure to work with professionals.”

This is not the first instance of ransomware payment to hackers this year. The University of California at San Francisco School of Medicine paid hackers $1.14 million in crypto ransom for a June 1 attack. Garmin, a multinational tech firm, was also asked to pay $10 million after a massive attack.
