CWT, the fifth biggest travel company in the U.S. paid $4.5 million in Bitcoin as ransom to hackers who infiltrated the firm’s computer system, stealing sensitive data. It is unclear whether customer information was also compromised.
Reuters reported that the bitcoin wallet of cyber thieves received 414 Bitcoin on July 28 as payment for the ransom from CWT. The ransom would be worth more than $4.8 million right now.
According to the report, the attackers infected CWT’s computer network with a ransomware called Ragnar Locker, which encrypted the whole system and made it accessible only to the hackers.
The attackers claimed to have disabled 30,000 computers, but the firm said this was exaggerated, while confirming the cyber-attack which forced it to shut down the systems.
“We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased,” Reuters quoted CWT as saying.
“While the investigation is at an early stage, we have no indication that personally identifiable information/customer and traveller information has been compromised.”
In the ransom note, the hackers claimed to have stolen two terabytes of CWT data which includes billing files, financial reports, security documents and personal data belonging to employees, such as email addresses and salary information.
They also claimed to have “information about your clients such as AXA Equitable, Abbot Laboratories, AIG, Amazon, Boston Scientific, Facebook, J&J, SONOCO, Estee Lauder and many others,” according to a tweet by Jameswt, the cybersecurity expert who discovered the CWT breach.
Per the Reuters report, the company immediately informed U.S. law enforcement and European data protection authorities.
The hackers initially demanded $10 million worth of Bitcoin ransom to restore CWT’s files and delete all the stolen data, but the company which is severely hit by the coronavirus, could only settle for $4.5 million.
CWT or Carlson Wagonlit Travel, is one of the largest travel firms in the U.S. The company that provides services to 33% of companies on the S&P 500 stock index, posted revenues of $1.5 billion in 2019.
Ransomware attacks costs businesses billions of dollars each year, in blackmail payments.