US-based travel management company CWT this week paid $4.5 million worth of bitcoin in ransom to hackers who stole confidential corporate data, as Reuters reported yesterday (July 31). The hackers claimed to have encrypted files on 30,000 computers and uploaded 2 terabytes of data from the company's systems.
The attack hit the business last week, and the hackers reportedly used Ragnar Locker, a form of ransomware that encrypts computer files and keeps them inaccessible until the victim pays for access to be restored.
Reuters said that it obtained the specifics of the negotiations between a CWT representative and the unidentified hackers from a publicly viewable chat room, where the hackers initially demanded $10 million as ransom before settling for $4.5 million. The first hint of a hack and ransom was posted on Twitter by independent malware hunter @JAMESWT.
VT First Submission 2020-07-27 07:53:43 #Ragnar #Locker hit #CWT #company
Sample
✅https://t.co/GUcibuPUrK
✅https://t.co/dnVLpcdqet
✅https://t.co/goMkl7AhZo
@malwrhunterteam @demonslay335 @James_inthe_box @VK_Intel @Arkbird_SOLG @VirITeXplorer @sugimu_sec @58_158_177_102 pic.twitter.com/JncyxsTRQ2
— JAMESWT (@JAMESWT_MHT) July 30, 2020
In a statement, CWT confirmed the cyberattack and said, “We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased.” CWT further added that U.S. law enforcement and the European data protection authorities had been immediately informed. Although the investigation is at an early stage, there is no evidence that customers’ personal and travel information has been compromised.
Huge rise in hacking attacks
Various studies indicate that both the number of ransomware attacks and the percentage of attacks that end in payment are increasing annually. Attackers today often threaten large companies and demand massive payments. Malware can do many things once the victim’s device has been taken over; the most common action is to encrypt some or all of the user’s data. Perhaps that’s why more ransomware victims than ever before are complying with their attackers’ demands and handing over cash to decrypt their data.
Twitter accounts of several famous figures, including Barack Obama, Elon Musk, Bill Gates, and Jeff Bezos, were hacked on July 15, 2020. The tweeted message said that every bitcoin sent to the link in the tweet would be returned doubled. The fake tweets promised $2,000 for every $1,000 sent in bitcoin. Although the hack was detected within hours, data from open blockchain records showed that a hacker could earn up to $120,000 in a short time frame.