World-famous travel firm CWT (formerly Carlson Wagonlit Travel), based in the US, paid $4.5 million worth of Bitcoin to hackers as a ransom. The ransomware hackers had demanded $10 million worth of Bitcoin to restore the firm’s systems and delete the stolen sensitive data.

The hackers said that paying the ransom would be cheaper than taking legal action. According to a Reuters report published on the 31st of July, CWT paid the hackers a fee of 414 Bitcoins on the 27th of July. The amount was paid in two transactions and was worth $4.5 million at the time. The blockchain ledger shows that the funds were moved to a different address within an hour.

According to the hackers, the attack used Ragnar Locker ransomware. With it, they disabled access to files on over 30,000 computers at CWT.

Public negotiations to pay the Ransom

The negotiations to pay the ransom took place on a public online chat forum visible to everyone. One of the hackers and a CWT representative discussed the restoration of files and the amount CWT would have to pay. As a bonus, the hackers offered recommendations on how the firm could strengthen its security measures in the future once the payment was made.

Online chat history: CWT representative and hackers. Source: Jack Stubbs

Expert Advice

Many individuals and organizations hit by ransomware attacks resolve the issue by paying the ransom or accepting the hackers’ demands. Victims do not want to risk losing their valuable and sensitive data or having it fall into the wrong hands. Hence, one must take the necessary precautions and strengthen security measures to avoid going through such incidents.

Thomas Meskauskas, an IT security expert, explains that ransomware renames and encrypts files.

‘Typically, victims of ransomware cannot decrypt compromised files without the correct tools held only by the cybercriminals who designed the program. Unfortunately, this is the case with Ragnar Locker ransomware’

The ransomware does this by tampering with file extension names, and victims have no choice but to accept the hackers’ ransom demand. He further says that this can be avoided to some extent by taking necessary and timely backups of data.