In the month of July U.S travel management firm CWT paid $4.5 million this week to the hackers' stolen reams of sensitive corporate files and said they had knocked 30,000 computers offline, according to a record of the ransom negotiations seen by Reuters. The attackers used a strain ransomware called Ragnar locker, which encrypts computer files and renders them unusable until the victim pays to be restored.
The negotiations between the hackers and a CWT representative remained publicly accessible in an online chat group providing a rare insight into the fraud relationship between cybercriminals and their corporate victims. CWT, which posted revenue of $1.5billion last year and says it represents more than a third of companies on the S&P 500 U.S stock index, confirmed the attack but declined the comment on the details of what if said was an ongoing investigation.
CWT informed immediately to the U.S law enforcement and European data protection authorities. A person with familiar investigation said the company believed the number of infected computers was considerably less than 30,000 the hackers told the CWT they had infected.
Reuters reports that the hacker cybercriminals got in touch with the representative of CWT after their dastardly deed had been done to negotiate a ransom. Initially a sum of US $10 million was demanded for safe returns of reams of sensitive corporate files and the deletion of the copies of the data. It isn't clear if the data was mainly CWT's customers or both reporting organisations Thomson Reuters is a customer of CWT. The hackers suggested paying them off would be much cheaper than the law suits that would result if they leaked all this data publically.
A public ledger of digital currency payments known as the block chain, shows that an online wallet controlled by the hackers received the requested payment of 414 bitcoin on July 28. Messages sent to email addresses used by the hackers went unanswered. It was not clear whether data belonging to any of CWTs customers, including Thomson Reuters was compromised.
Western security officials says ransomware attacks are a consistent and a serious threat to businesses and private companies, despite the increased attention usually given to the headline-grabbing antics of state-backed hackers. Such attacks are thought to cost billions of dollars each year, either in extorted payments or recovery rates.
Cyber security experts say the best defence is to keep secure data back-ups, and the paying ransoms encourage further criminals attacks without guarantee that the encrypted files will be restored.
Read more breaking news: https://www.isoeh.com/breaking-news.html