CWT, a Minnesota based travel company has made it official that it had paid $4.5 million in Bitcoins or 414BTC to free up their data from file encryption malware. Although the statement was not official, a report published by Reuters has confirmed the same and added that the database was locked down by Ragnar Locker Ransomware.
Information is out that the cyber crooks infiltrated the network through a phishing email and locked down over 30,000 computers- a number that remains disputed as per the person familiar with the incident.
A third party Cybersecurity expert was called on to negotiate the ransom amount with the hackers, and the company brought back its data online by the early hours of Sunday.
All the law enforcement authorities in United States and Europe along with the data watchdogs have been informed about the cyber incident.
FBI is urging companies not to pay the ransom as it encourages crime and instead is asking the businesses to up their backup and disaster recovery quotients.
Note 1- CWT stands for Carlson Wagonlit Travel Company that offers businesses the privilege to hold meetings, travel schedules, incentives, conferencing, exhibitions and other event management issues. Till February 2019, the company was known as Carlson, after which it was rebranded as CWT.
Note 2- As per the sources reporting to Cybersecurity Insiders, the hackers got hold of 2 terabytes of company data and moved it to remote servers and threatened to publish it on the dark web if CWT failed to pay the ransom on time.