A corporate travel company has been forced to pay a massive bitcoin ransom to hackers who apparently took over its computer systems and encrypted its data. The company – known as CWT – is now nearly $5 million poorer, having paid approximately $4.5 million to get its information and network back.
CWT Is the Latest Ransomware Victim
As many as 30,000 computers were taken over by unseen hijackers, who then proceeded to gain access to roughly two terabytes of unique data owned by the company. The discussions between the company’s executives and the hackers in question played out publicly in a chat room, which gave all users of the forum and various members of the press access to what was going on.
Initially, the hijackers sought a ransom of approximately $10 million, though they agreed to settle for $4.5 million following several lengthy discussions with CWT. At the time of writing, it is not clear if customer data belonging to individuals who may have worked with CWT has been compromised or damaged in any way by the efforts of the hackers.
A representative of CWT is quoted as saying:
While the investigation is at an early stage, we have no indication that personally identifiable information or customer or traveler information has been compromised.
It is believed that the hackers may have used software known as Ragnar Locker to encrypt the data. The malware is relatively popular and has been in use since late last year, according to cybersecurity firms like McAfee.
On its website, McAfee offers the following description of the malicious software:
Ragnar Locker is a simple ransomware, much like others that exist in the criminal market. Due to its small size, its operator’s aggressive behavior and the knowledge they seem to have that allows them to enter the networks of enterprises, as well as the threat to leak information if the ransom is not paid, Ragnar Locker could potentially become a big threat in the future. Time will tell if Ragnar Locker becomes a serious threat or disappears against a backdrop of other ransomware with more resources. The code is medium in quality.
This Could Get a Lot Worse
The software works by blocking legitimate users from accessing backup drives to operate certain devices. This pretty much shuts out all original owners and gives the hijackers full control of the information. One potential way of keeping data secure is to ensure that all backup drives are stored offsite, thereby limiting outside parties' access to them.
On July 30, the FBI released a statement explaining that attacks involving Ragnar Locker have reached new peaks across the globe. The news comes at a time when various regions are experiencing heightened interest in business travel following lengthy lockdowns caused by the coronavirus pandemic.