Travel Management Firm CWT Pays Out $4.5M in Bitcoin After Ransomware Attack

A U.S. travel management firm has paid out a fortune in bitcoin after its corporate files were locked up in a ransomware attack.

• According to a report by Reuters on Friday, travel firm CWT paid the 414 bitcoin ransom (worth $4.5 million at the time) as part of a deal to recover sensitive files encrypted by the Ragnar Locker ransomware that makes files inaccessible until a bounty has been paid.
• Hackers said 30,000 of the company's computers were caught up in the attack, although the number has since been disputed by a person familiar with the investigation, Reuters said.
• The conversation between the hackers and CWT was made public on Saturday, providing a rare insight into how the deal to recover the company's files was struck.
• In the conversation, a CWT representative can be seen asking how to recover their files and what steps were needed to resolve the problem.
• The company subsequently confirmed in a statement its systems were back online and that the incident had passed, but declined to comment further due to an ongoing investigation.
• CWT also said it had informed relevant U.S. and European Union law-enforcement agencies immediately after becoming aware of the incident.

See also: Bitcoin’s Ransomware Problem Won’t Go Away