{"id":270619,"date":"2020-08-03T16:05:48","date_gmt":"2020-08-03T20:05:48","guid":{"rendered":"https:\/\/insidebitcoins.com\/?p=270619"},"modified":"2021-08-28T02:51:32","modified_gmt":"2021-08-28T06:51:32","slug":"cwt-coughs-up-over-400-btc-in-brutal-ransomware-attack","status":"publish","type":"post","link":"https:\/\/insidebitcoins.com\/news\/cwt-coughs-up-over-400-btc-in-brutal-ransomware-attack","title":{"rendered":"CWT Coughs Up Over 400 BTC in Brutal Ransomware Attack"},"content":{"rendered":"
Ransomware attackers have long terrorized companies and individuals. This week, they appear to have struck gold once again. This time, the victim is CWT, an American corporate travel firm. Per a report from Reuters, the company paid millions in ransom to attackers as it looked to limit downtime.<\/p>\n As the report explained, the firm, formerly known as Carlson Wagonlit Travel, paid 414 BTC (worth about $4.5 million at the time) on July 27 over two transactions. Blockchain analysis data shows that the hackers immediately transferred the funds to a separate account. Per the report, the attackers claimed that they used the Ragnar Locker ransomware to lock the company\u2019s officials out of files on about 30,000 computers. They also stole sensitive data from the firm.<\/p>\n While they initially demanded $10 million, they accepted less than half of that after a representative of the firm claimed that the company’s finances had taken a hit during the pandemic. The representative eventually managed to talk the hackers down.<\/p>\n Even better, the hackers gave the CWT representative some tips on how the company could improve its security measures. Chat records show that the hackers recommended updating passwords every month, checking user privileges, and having at least three network administrators on the job at all times.<\/p>\n \u201cIt’s a pleasure to work with professionals,\u201d the hackers ended the chat with CWT.<\/p><\/blockquote>\n Ransomware attacks have been particularly rampant in the tech industry. 
Companies have been on high alert since the pandemic began, with most of them having to rely more on the internet for their operations.<\/p>\n Last week, an official at multinational tech company Garmin told Bleeping Computer that the firm\u2019s network had suffered an attack with the WastedLocker ransomware. The ransomware is a product of renowned ransomware group REvil.<\/p>\n The company official explained that Garmin\u2019s support services, navigation solutions, and other core operations had been affected. REvil asked for a $10 million ransom, like the CWT attackers, to be paid in cryptocurrencies. Garmin eventually acknowledged the issues in an official press release. However, unlike Bleeping Computer, it didn\u2019t go into much detail.<\/p>\n It\u2019s worth noting that Garmin\u2019s services are back. The company\u2019s most recent tweet claimed that many of the systems that were affected by the hack had returned to operation. However, the question now is what the firm did to get its services back.<\/p>\n Evil Corp, the company behind the REvil ransomware, is in uncharted waters. The company\u2019s leader, a Russian named Maksim Yakubets, is facing an indictment from the United States Department of Justice. He is also listed as one of the FBI\u2019s Most Wanted men, with a $5 million reward set for his discovery.<\/p>\n The FBI listing claims that Yakubets is wanted for his involvement in a malware operation that affected thousands of computers in Europe and North America. Given that American companies are restricted from doing business with sanctioned individuals and organizations, it\u2019s worth asking how the firm managed to get back online.<\/p>\n","protected":false},"excerpt":{"rendered":"A Cordial Hacker-Victim Relationship<\/b><\/h2>\n
Garmin\u2019s Intriguing Road to Recovery<\/b><\/h2>\n