The American corporate travel firm CWT paid a ransom of 414 BTC ($4.5 million) to hackers who encrypted the company's files and stole important data.
The attackers used the Ragnar Locker ransomware against CWT servers and computers. They were able to infect more than 30,000 company computers and steal important data. The hackers initially asked for a $10 million ransom, but after negotiations the amount was reduced to $4.5 million. On July 27, 414 BTC was transferred to the attackers' wallet in two transactions. Within an hour, the attackers moved the funds to a different address.
Reuters correspondent Jack Stubbs published the correspondence between CWT representatives and the hackers on Twitter. The attackers noted that if the data were disclosed, claims against the company “will cost much more” than paying the ransom.
After receiving the BTC, the attackers even offered some recommendations for protecting the corporate network from ransomware. They suggested changing user passwords once a month, configuring computer policies so that passwords are not stored in RAM, limiting the list of programs allowed to run, and installing an intrusion detection system. According to the hackers, antivirus software should not be relied on. They also named round-the-clock duty by qualified system administrators as an effective measure.
Also in July, Telecom, the largest telecommunications company in Argentina, was hit by a hacker attack. The attackers demanded payment of $7.5 million in XMR within 48 hours and promised to double the ransom if it was not paid in time.