image
CWT, a giant in the corporate travel agency world with a global clientele, may have faced payment of $4.5 million to unknown hackers in the wake of a ransomware attack. Independent malware hunter @JAMESWT tweeted on Thursday that a malware sample used against CWT (formerly known as Carlson Wagonlit Travel) had been uploaded to VirusTotal on July 27; he also included a ransom note indicating that the ransomware in question is Ragnar Locker. In a media statement to Threatpost, CWT confirmed the cyberattack, which it said took place this past weekend: “We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased.” @JAMESWT also reported that the ransom demanded clocked in at 414 Bitcoin, or about $4.5 million at the current exchange rate. A CWT spokesperson declined to comment on whether the ransom was paid, or any technical details of the attack, or how it was able to recover so quickly. Despite assurances of recovery, the impact of the incident could be wide: CWT says that it provides travel services to 33 percent of the Fortune 500 and countless smaller companies. And according to the ransom note uploaded by @JAMESWT, the hackers claim to have downloaded 2TB of the firm’s data, including “billing info, insurance cases, financial reports, business audit, banking accounts…corporate correspondence…[and] information about your clients such as AXA Equitable, Abbot Laboratories, AIG,…

Source