on the crypto
The prestigious US travel agency CWT paid 414 BTC worth $ 4,5 million to hackers who claimed to have compromised 30.000 computers and stolen sensitive company data from the company.
The dynamics of the attack
The Reuters report says that according to known data on the ransom negotiations, cybercriminals attacked the company's systems using ransomware known as Ragnar Locker. The malware allowed them to encrypt the files on CWT's computers, blocking them until the company paid the ransom, restoring their access.
Negotiations took place in an open online chat, between the hackers and a CWT representative. Part of the evidence presented by hackers to prove that two terabytes of data was actually stolen included screenshots of employee personal data, financial reports, security documents, salary information, and email addresses.
Hackers have claimed that the easiest way for CWT is to pay a ransom
Hackers initially requested a ransom of $ 10 million in BTC - here quotation in real time to know the countervalue - to restore all data and delete all copies backed up elsewhere.
In one of the chats, the hackers pointed out that it was more feasible for CWT to pay the ransom than to proceed in other ways: "It is probably much cheaper than the legal fees (sic), and the reputation damage caused by the violation."
Last year, CWT's revenues were $ 1,5 billion. However, as the company spokesman told hackers during the negotiation, the coronavirus pandemic hit CWT hard this year, so they were able to agree on a maximum ransom of $ 4,5 million.
Blockchain explorer shows that a hacker hot wallet address has received 414 BTC. However, ongoing investigations show that hackers are not said to have actually accessed as many as 30.000 computers.
The company said: “We can confirm that after temporarily shutting down our systems as a precautionary measure, they have returned to active online and the incident is now resolved. The investigation is currently at an early stage, and we have no indication that personally identifiable information / customer and traveler information has been compromised. "
Cryptocurrencies the new target for cybercriminals
Collectively, companies suffer billions of dollars in losses every year in ransom payments. In recent times, criminals are getting smart and are choosing cryptocurrency payments that exploit the high level of anonymity potential during transactions.
Bitcoin, as the main cryptocurrency has been particularly abused by cybercriminals and money launderers on multiple occasions. But according to Changpeng Zhao, CEO of Binance, it is certainly not Bitcoin's fault.
If companies want to protect their data, they will eventually have to step up and put in place higher security measures: “Again, it's not bitcoin's fault, but since we inevitably evolve into a more digital civilization, all old and new companies they will have to renew their security practices. "
