US corporate travel firm CWT paid a ransom of 414 BTC ($4.5 million) to hackers who encrypted the company’s files and stole sensitive data from it.
The cybercriminals used the Ragnar Locker ransomware to gain access to CWT servers and computers. They were able to infect more than 30,000 company computers and steal sensitive data. The hackers initially demanded a ransom of $10 million, but after negotiations the amount was reduced to $4.5 million. On July 27, 414 BTC were transferred to the ransomware wallet in two transactions. Within an hour, the attackers moved the funds to a different address.
Reuters correspondent Jack Stubbs published the correspondence between CWT representatives and the hackers on Twitter. The attackers noted that if the data were disclosed, claims against the company “will cost much more” than paying a ransom.
After receiving the BTC, the attackers even provided some recommendations for protecting the corporate network from ransomware. They suggested changing user passwords once a month, adjusting computer policy so that passwords are not stored in RAM, limiting the list of programs allowed to run, and installing an intrusion detection system. According to the hackers, antivirus software should not be relied on. Having qualified system administrators on duty 24 hours a day is also an effective method.
Recall that in July, hackers attacked Telecom, the largest telecommunications company in Argentina. The attackers demanded payment of $7.5 million in XMR within 48 hours and promised to double the ransom amount otherwise.