According to the report, the attackers infected CWT’s computer network with a ransomware called Ragnar Locker, which encrypted the entire system, making it accessible only to the hackers.
CWT, one of the biggest travel companies in the U.S., this week paid $4.5 million in bitcoin to hackers who infiltrated the firm’s computer system, stealing sensitive corporate data. It is unclear whether customer information was also compromised.
Reuters reported that the bitcoin wallet owned by the cyber thieves received 414 BTC on July 28 as payment for the ransom. At current prices, the ransom would be worth more than $4.8 million.
The criminals claimed to have disabled 30,000 computers, but the company later said this figure was exaggerated, while confirming the cyber-attack which forced it to shut down its systems.
“We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased”, Reuters quoted CWT as saying.
“While the investigation is at an early stage, we have no indication that personally identifiable information/customer and traveller information has been compromised.”
In their ransom note, the hackers claimed to have stolen two terabytes of CWT data, including billing files, financial reports, security documents and personal data belonging to employees, such as email addresses and salary information.
They also claimed to have “information about your clients such as AXA Equitable, Abbot Laboratories, AIG, Amazon, Boston Scientific, Facebook, J&J, SONOCO, Estee Lauder and many others”, according to a tweet by Jameswt, the cybersecurity expert who discovered the CWT breach.
Per the Reuters report, the company said it had immediately informed U.S. law enforcement and European data protection authorities.
The hackers initially demanded $10 million worth of bitcoin to restore CWT’s files and delete all the stolen data, but the firm, severely hit by the new coronavirus, could only settle for $4.5 million.
CWT, formerly known as Carlson Wagonlit Travel, is the fifth largest travel firm in the U.S. The company, which says it provides services to 33% of companies on the S&P 500 stock index, posted revenues of $1.5 billion in 2019.
Ransomware attacks are reportedly costing businesses billions of dollars each year, in blackmail payments.