CWT Coughs Up Over 400 BTC in Brutal Ransomware Attack
Author: Jimmy Aki
Last Updated: 03 August 2020

Ransomware attackers have terrorized companies and individuals for a long time. This week, they appear to have struck gold once again. This time, the victim is CWT, an American corporate travel firm. Per a report from Reuters, the company paid millions of dollars in ransom to the attackers in order to limit downtime.

A Cordial Hacker-Victim Relationship

As the report explained, the firm, formerly known as Carlson Wagonlit Travel, paid 414 BTC (worth about $4.5 million at the time) on July 27 in two transactions. Blockchain analysis shows that the attackers immediately moved the funds to a separate address.

Per the report, the attackers claimed to have used the Ragnar Locker ransomware to encrypt files on about 30,000 computers, locking the company's staff out of them. They also claimed to have stolen sensitive data from the firm. While they initially demanded $10 million, they settled for less than half of that after a CWT representative argued that the company's finances had taken a hit during the pandemic. The representative eventually managed to talk the attackers down.

The attackers even gave the CWT representative some tips on how the company could improve its security. Chat records show that they recommended updating passwords every month, reviewing user privileges, and having at least three network administrators on duty at all times. "It's a pleasure to work with professionals," the hackers wrote as the chat ended.

Garmin's Intriguing Road to Recovery

Ransomware attacks have been particularly rampant in the tech industry. Companies have been on high alert since the pandemic began, with most of them relying more heavily on the internet for their operations. Last week, an official at multinational tech company Garmin told Bleeping Computer that the firm's network had been hit by the WastedLocker ransomware.
WastedLocker is attributed to the Evil Corp cybercrime group. The company official explained that Garmin's support services, navigation solutions, and other core operations had been affected. The attackers demanded a $10 million ransom, the same figure the CWT attackers opened with, to be paid in cryptocurrency. Garmin eventually acknowledged the incident in an official press release, though unlike Bleeping Computer it gave few details.

Garmin's services are now back. The company's most recent tweet stated that many of the systems affected by the attack had returned to operation. The open question is what the firm did to get its services back.

Evil Corp, the group behind WastedLocker, is in uncharted waters. Its leader, a Russian national named Maksim Yakubets, is under indictment by the United States Department of Justice. He is also on the FBI's Most Wanted list, with a reward of up to $5 million offered for information leading to his arrest. The FBI listing states that Yakubets is wanted for his role in a malware operation that infected thousands of computers in Europe and North America. Since US persons are barred from transacting with sanctioned individuals and organizations, and the Treasury Department's OFAC sanctioned Evil Corp and Yakubets in December 2019, it is worth asking how the firm managed to get back online.