CWT is one of the largest travel management companies in the US. The company was recently forced to pay a $4.5 million ransom in BTC to hackers. CWT paid the ransom in exchange for its sensitive corporate data.
How Hackers Stole CWT Data
The hackers reportedly managed to gain access to over 30,000 computers used by the company. During the hack, they managed to steal two terabytes worth of files that included sensitive financial reports, the personal details of employees, and security documents.
Details of the Ransom Payment
Initially, the hackers demanded that CWT pay a $10 million ransom if they wanted to get back their data. However, the company negotiated the ransom down to $4.5 million. They then transferred 414 BTC to the hackers’ Bitcoin wallet.
During the negotiations, the hackers pointed out that the amount they wanted was much less than the cost of lawsuits and the reputational damage to the company if the data leaked. CWT countered that due to the impact of COVID-19, they could not afford to pay $10 million. In 2019, the company reported revenue of $1.5 billion. In its annual report, the company said that its clients included a third of all firms on the S&P 500 index.
CWT later put out a statement saying that after a temporary shutdown of its systems, it was back online and the incident was over. The company said that while the investigations were still in the early stages, there was no sign that personal data had been compromised. However, no details of the investigation have been released.
Crypto Ransoms are a Growing Problem
Ransomware attacks in which hackers demand a ransom in crypto are a growing problem. In the past few years, many large firms have been hit by such attacks, with hackers demanding ransoms in the millions. For instance, Garmin, a major fitness accessory company, was hit with a ransomware attack in July 2020. Various reports indicate that the company paid a $10 million ransom to regain access to its data.
Kaspersky Labs recently issued a warning about the Lazarus group, which is a hacking group that operates out of North Korea. According to Kaspersky, the group was testing a new type of ransomware.