Business travel giant CWT has reportedly paid US$4.5 million ($6.3 million) to cyber attackers who allegedly stole sensitive files and knocked 30,000 computers offline.
According to a record of the ransom negotiation seen by Reuters, the hackers originally asked for $14 million but a CWT representative who said they were acting on behalf of the firm’s CFO offered $6.3 million, citing the impacts of COVID-19.
CWT declined to comment on the ransom but said it experienced a cyber-incident over the weekend.
“We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased,” the firm said.
“We immediately launched an investigation and engaged external forensic experts.”
CWT said that while investigations are still in early stages, it does not believe any customer information has been compromised.
The hackers reportedly used ransomware known as Ragnar Locker, which renders computer files unusable until the victim pays for access to be restored.
The negotiations were publically accessible on an online chat group and Reuters said the blockchain shows an online wallet controlled by the hackers received a payment of 414 bitcoin ($6.3 million) on 28 July.
The ransom note, which was also seen by Reuters, said the hackers claimed to have stolen two terabytes of files including financial reports, security documents and employees’ personal data such as email addresses and salary information.
Featured image source: iStock/solarseven