Shocking News!! Hacker ransom paid by travel firm to recover its data

By Rahul Vaimal, Associate Editor

US-based travel management firm CWT (earlier known as Carlson Wagonlit Travel) has reportedly paid $4.5 million in bitcoins to hackers who stole loads of sensitive corporate files and allegedly disabled 30,000 computers. 

The attackers, who used a publicly accessible online chat group for negotiations, deployed a strain of ransomware called Ragnar Locker, which encrypts computer files and renders them unusable until the victim pays for access to be restored.

“We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased,” CWT said in a statement.

“While the investigation is at an early stage, we have no indication that personally identifiable information/customer and traveler information has been compromised.”

The firm is said to have immediately informed US law enforcement and European data protection authorities.

According to reports, the company believed the number of infected computers was considerably lower than the 30,000 the hackers claimed to have infected. The CWT representative, who acted on behalf of the CFO at CWT, renegotiated the hackers' earlier demand of $10 million, citing the pandemic-related slowdown affecting the organization.

Hackers finally agreed to a sum of $4.5 million in the digital currency bitcoin to restore CWT’s files and delete all the stolen data.

The publicly accessible blockchain ledger showed that an online wallet controlled by the hackers received the requested payment of 414 bitcoin on July 28.

Hackers allegedly stole two terabytes of files, including financial reports, security documents and employees’ personal data such as email addresses and salary information.

Cybersecurity experts across the globe recommend data backups as the best defense against such attacks, since paying ransoms encourages further criminal attacks without any guarantee that the encrypted files will be restored.