Travel Management Company CWT Pays $4.5M Bitcoin to Hackers

Published at: Aug. 3, 2020

U.S.-based corporate travel firm CWT paid a $4.5 million ransom in Bitcoin to hackers who stole sensitive files from the company.

According to a July 31 report from Reuters, representatives from CWT (formerly Carlson Wagonlit Travel) paid ransomware hackers 414 Bitcoin (BTC) on July 27 — roughly $4.5 million at the time — over two transactions. Blockchain data shows the criminals transferred the funds to a different address within an hour.

The attackers said they used Ragnar Locker ransomware to disable access to files on 30,000 computers at the firm and steal sensitive data. They initially demanded $10 million, but accepted less than half after a CWT representative claimed the firm had suffered financial losses during the pandemic. 

Ransom negotiations visible to all

In an unusual display of seemingly cordial negotiation, given the nature of the crime, a CWT representative and a representative for the hackers discussed the price of restoring computer access in a publicly accessible online chat group.

The group initially stated such a ransom would probably be “much cheaper” than a lawsuit. In the chat, they even offered a “bonus” of recommendations on how CWT could improve its security measures if the company decided to pay.

Online chat between CWT representative and hackers. Source: Jack Stubbs

According to chat records, some of the ransomware group’s advice included updating passwords every month, having at least three system administrators working at all times, and checking user privileges. 

After CWT made the payment, the hackers ended the chat with "it's a pleasure to work with professionals."

Easier just to pay?

Many businesses and organizations targeted by ransomware groups have ended up paying millions of dollars rather than risk sensitive information being released or face the prospect of not having computer access for an extended period. 

The University of California at San Francisco School of Medicine reportedly paid a $1.14 million ransom in crypto to the hackers behind a ransomware attack on June 1. Multinational tech company Garmin also recently received the decryptor to access its files following a massive hack, suggesting the company may have paid all or part of the $10 million initially requested by hackers.

However, not everyone is inclined to give in to the demands of criminals. An unnamed English Football League club refused to pay a $3.6 million ransom requested by hackers who targeted its corporate security systems in July, resulting in a huge loss of data.
