Travel giant CWT pays $4.5M in Bitcoin ransom to recover data

CWT, one of the largest travel companies based in the United States, has agreed to pay $4.5 million as Bitcoin ransom to the hackers who breached its computer network.

Formerly Carlson Wagonlit Travel, CWT is a company boasting an annual revenue of $1.5 billion. Hackers attacked the company and took control of its computer system using ransomware.

Ransomware attack

Twitter user @JAMESWT_MHT revealed that the company’s computer system had been infected with Ragnar Locker ransomware. The company later confirmed the breach and announced that it was temporarily shutting down its systems.

As Cryptopolitan previously reported, Ragnar Locker deploys a virtual machine to bypass security. The ransomware executable is only 49 kB in size and is hidden inside a 282 MB virtual image and a 122 MB installer. As a result, Ragnar Locker can get past basic antivirus software and encrypt the data on the computer, making it unusable for the victim unless they pay for the decryption software.

$4.5 million Bitcoin ransom

The attackers claimed that they had stolen two terabytes of data, including employees’ personal data, security documents, and financial reports. The hackers demanded a ransom of $10 million to provide the software necessary for the decryption and to delete the stolen data they had stored on their servers.

CWT claimed that the company had been greatly affected by the COVID-19 pandemic and agreed to pay $4.5 million as Bitcoin ransom.

The hackers’ blockchain address received 414 BTC ($4.5M) on July 28. CWT stated that the investigation is at an early stage and claimed that there is “no indication” that customer information has been leaked.
