According to the Reuters report, the US-based corporate travel firm CWT (formerly Carlson Wagonlit Travel) paid ransomware hackers 414 Bitcoin on July 27, which was around $4.5 million at that time over two transactions. Blockchain data confirms that the criminals transferred the funds to a different address within an hour. The attackers said they used Ragnar Locker ransomware to decrypt files on 30,000 computers at the firm and steal sensitive data.
The company negotiated the ransom amount.
Initially, the hackers demanded $10 million in ransom but accepted less than half after a CWT representative claimed the firm had suffered financial losses during the pandemic. A representative from the company and one for the hackers discussed the price of restoring computer access in a publicly accessible online chat group. The group initially stated such a ransom would probably be “much cheaper” than a lawsuit. In the chat, the hackers even offered a “bonus” of recommendations as to how the travel company could improve its security measures if they decided to pay and prevent such breach in the future.
Crypto scams continue to rise amid the ongoing pandemic.
The scams related to cryptocurrency have increased amid the ongoing global pandemic. Earlier this year, the US Federal Bureau Investigation had released a report warning people to be aware of crypto scams as scammers might be looking to unleash a surge. The social media giant Twitter also suffered a major security breach last month when hackers managed to access the accounts of many famous people and sent out tweets soliciting bitcoins. Three people have been charged for the massive hack so far. In June this year, The University of California at San Francisco School of Medicine reportedly paid a $1.14 million ransom in crypto to the hackers behind a ransomware attack. Singapore also reported a massive surge in the number of ransomware attacks.