Huge US travel company pays hackers $4.5 million Bitcoin ransom

Per Reuters, travel management firm CWT, which pulls in annual revenues of $1.5 billion, paid anonymous hackers 414 bitcoin this week in response to a ransomware attack that led to the theft of piles of company documents and left tens of thousands of company devices offline. 

The attackers used a ransomware technology known as Ragnar to encrypt company files, rendering them inaccessible to the company’s employees, according to documents seen by Reuters. CWT paid the ransom on July 28 to decrypt the files and regain access to some two terabytes of information, including employee data, financial documents and other information. 

“We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased,” the company said in a statement. CWT stated that it is working with U.S. and European authorities.

“While the investigation is at an early stage, we have no indication that personally identifiable information/customer and traveller information has been compromised.” 

According to Reuters, the hackers originally demanded $10 million in bitcoin as ransom, but the company talked them down, citing COVID-strained finances as an excuse for not being able to pay the full bill.

Ransomware is a rampant problem for international businesses, incurring billions in costs annually. Since the inception of Bitcoin in 2008, cryptocurrencies have become central to this kind of cyber extortion. A May 2019 article in The Journal of Cybersecurity, for example, found that a minimum of  22 967.54 Bitcoin (or $259 million at current prices) was captured in ransom payments between 2013 and 2017.