{"id":26749,"date":"2020-08-02T12:15:57","date_gmt":"2020-08-02T09:15:57","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=26749"},"modified":"2025-08-26T16:21:38","modified_gmt":"2025-08-26T13:21:38","slug":"travel-management-firm-cwt-paid-4-5-million-in-bitcoin-to-cyber-extortionists","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/travel-management-firm-cwt-paid-4-5-million-in-bitcoin-to-cyber-extortionists\/","title":{"rendered":"Travel-management firm CWT paid $4.5 million in bitcoin to cyber extortionists"},"content":{"rendered":"<p>American travel-management company CWT paid 414 BTC ($4.5 million at the time of the transaction) to hackers who stole a large volume of confidential corporate information, <a href=\\\"https:\/\/www.reuters.com\/article\/us-cyber-cwt-ransom\/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W\\\" target=\\\"_blank\\\" rel=\\\"noopener noreferrer\\\">Reuters<\/a>.<!--more--><\/p>\n<p>The attackers used the Ragnar Locker ransomware, which encrypts data on the victim&#8217;s computers. They also claimed to have stolen 2 TB of data, including financial reports, security documents, and employees&#8217; personal data.<\/p>\n<p>Initially, the hackers demanded $10 million in cryptocurrency for a decryptor tool and the removal of the stolen data.<\/p>\n<blockquote>\n<p>&#8220;This is probably far cheaper than the legal costs and reputational damage from the leak,&#8221; they stated in their correspondence with the firm.<\/p>\n<\/blockquote>\n<p>A CWT spokesperson convinced them to lower the sum to $4.5 million, citing financial difficulties caused by the COVID-19 pandemic.<\/p>\n<div id=\\\"attachment_106240\\\" style=\\\"width: 830px\\\" class=\\\"wp-caption aligncenter\\\"><img loading=\\\"lazy\\\" decoding=\\\"async\\\" aria-describedby=\\\"caption-attachment-106240\\\" class=\\\"wp-image-106240 size-full\\\" src=\\\"https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-1-6.jpg\\\" alt=\\\"Travel-management firm CWT paid $4.5 million in bitcoins to cyber extortionists\\\" width=\\\"820\\\" height=\\\"551\\\" srcset=\\\"https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-1-6.jpg 820w, https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-1-6-300x202.jpg 300w, https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-1-6-768x516.jpg 768w\\\" sizes=\\\"auto, (max-width: 820px) 100vw, 820px\\\" \/><\/p>\n<p id=\\\"caption-attachment-106240\\\" class=\\\"wp-caption-text\\\">Fragment of a CWT representative&#8217;s correspondence with the hackers. Source: Reuters<\/p>\n<\/div>\n<p>The hackers said they had infected 30,000 of the company\\&#8217;s computers. CWT, during the incident, disconnected them from the network, though the firm believes the number of infected machines was smaller.<\/p>\n<blockquote>\n<p>&#8220;We can confirm that after a temporary shutdown of our systems as a precautionary measure they are back online, and the incident is over,&#8221; said CWT.<\/p>\n<\/blockquote>\n<p>The company said it immediately notified U.S. law enforcement and European data-protection authorities. The investigation is ongoing, and CWT is not commenting on its progress.<\/p>\n<p>According to the agency, last year the company\\&#8217;s revenue was $1.5 billion. CWT says that its clients include more than a third of the companies in the S&amp;P 500 index.<\/p>\n<p>&#8220;According to FBI data, since 2013 ransomware has yielded hackers more than $144 million in bitcoin. Over the past two years, the average ransom size has risen by 200%, according to Crypsis Group.&#8221;<\/p>\n<p>Subscribe to ForkLog news on <a href=\\\"https:\/\/twitter.com\/ForkLog\\\" target=\\\"_blank\\\" rel=\\\"nofollow noopener noreferrer\\\">Twitter<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The American travel-management company CWT paid 414 BTC ($4.5 million at the time of the transaction) to hackers who stole a large volume of confidential corporate information, Reuters reports.<\/p>\n","protected":false},"author":1,"featured_media":26750,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154],"class_list":["post-26749","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes"],"aioseo_notices":[],"amp_enabled":true,"views":"11","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/26749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=26749"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/26749\/revisions"}],"predecessor-version":[{"id":26751,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/26749\/revisions\/26751"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/26750"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=26749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=26749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=26749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}