CWT (formerly Carlson Wagonlit Travel), the US-based corporate travel firm, has paid $4.5 million in a Bitcoin (BTC) ransom to hackers who stole sensitive files from the company.
On July 31, it has been reported by Reuters that representatives from CWT paid ransomware hackers 414 Bitcoin on July 27, around $4.5 million at the time, over two transactions.
However, blockchain data shows the criminals transferred the funds to a different address within an hour.
The attackers said that they used Ragnar Locker ransomware to disable access to files on 30,000 computers at the firm and steal sensitive data. They initially demanded $10 million but accepted less than half after a CWT representative claimed the firm had suffered financial losses during the pandemic.
As per the report, in an unusual show of seemingly cordial negotiations considering the nature of the crime, a CWT representative and one for the hackers discussed the price of restoring computer access in a publicly accessible online chat group.
The group initially stated that such a ransom would probably be “much cheaper” than a lawsuit. In the chat, they even offered a “bonus” of recommendations as to how CWT could improve its security measures if they decided to pay.
Likewise, according to chat records, some of the ransomware group’s advice included updating passwords every month, having at least three system administrators working at all times, and checking user privileges.
Thus, the hackers ended the chat with “it’s a pleasure to work with professionals” after CWT made the payment.