CWT, the fifth-largest travel company in the U.S. that boasts an annual revenue of $1.5 bln, agreed to pay $4.5 mln worth of Bitcoin to hackers who hijacked its computer system.
A July 31 Reuters report states that the Bitcoin wallet owned by cybercriminals received 414 BTC.
No customer data has been compromised
Cybersecurity researcher JAMESWT discovered that CWT’s information system had been infected with Ragnar Locker ransomware on July 30.
The company later confirmed that it indeed suffered a security breach so it had to temporarily shut down its system.
In their ransomware note, hackers claimed that they downloaded 2 TB of sensitive data, which included billing info, insurance cases and financial reports.
However, the hackers reportedly exaggerated the number of infected computers, which they claimed was 30,000.
The initial demand was $10 mln worth of BTC, but CWT, which was ravaged by the pandemic lockdown, agreed to pay only $4.5 mln to get its system back online and recover all stolen data.
An ongoing investigation has so far shown that the personal information of CWT customers was not affected by the incident:
While the investigation is at an early stage, we have no indication that personally identifiable information/customer and traveller information has been compromised.
Ransomware attacks become rampant
Ransomware attacks continue to cripple businesses and even whole cities, causing billions of dollars worth of losses.
A school district in Texas recently blocked access to all of its data (including schedules and grades) following a similar black swan event. Earlier this week, its board of trustees had to fork over a $50,000 Bitcoin ransom.