Hackers launched a ransomware attack against a travel firm based in Minneapolis and compromised sensitive documents. After the attack, the hackers requested a ransom in Bitcoin, and the company, known as CWT, paid 414 Bitcoin valued at $4.5 million.
According to a report by Reuters, the hackers stole sensitive corporate files and claimed to have knocked 30,000 computers offline. The anonymous hackers encrypted the firm’s files using ransomware called Ragnar. As a result, CWT’s employees could not access the files, which compelled the firm to pay the ransom.
CWT, which generated revenues of $1.5 billion last year, paid the ransom on July 28. The hackers then released the files; CWT regained access and decrypted the information, which includes employee data, financial documents and other information.
CWT said in a statement that it temporarily shut down its systems as a precautionary measure, but that they are back online and the incident has now ceased. Investigations have just started, and nothing so far shows that personally identifiable information or customer and traveller information was compromised, the firm said.
Following the incident, CWT said it informed United States law enforcement and European data protection authorities. At first, the hackers requested Bitcoin valued at $10 million as ransom, but CWT talked them down, citing its current pandemic-influenced financial challenges as the reason it could not pay the full amount.
Blockchain records show that the hackers’ online wallet received the requested payment of 414 bitcoin on July 28. The hackers left a ransom note on the firm’s infected computers, claiming that they stole two terabytes of files, including financial reports, security documents and employees’ personal data such as email addresses and salary information.
Hackers are good at using ransomware to attack databases and steal data. Such attacks are a consistent and serious threat to businesses as well as private firms. On July 29, Bitcoin hardware wallet maker Ledger said hackers breached its database, thereby affecting the emails and ecommerce documents of one million customers.