[2020-08-03] Hack Forces Travel Company to Pay USD 4.6m in Bitcoin Ransom

[maniacmusic]

A recent hack of a major travel management firm has reportedly left attackers with USD 4.6m worth of bitcoin (BTC), after the company on July 28 was forced to pay to restore access to internal files, Reuters reported, citing a record of the ransom negotiations.

The attack targeted up to 30,0000 computers belonging to the US-based travel management firm CWT with a type of ransomware known as “Ragnar Locker” that encrypts all files on a computer, rendering them useless until a ransom is paid, the report said.

And although the travel firm did shell out BTC 414, currently worth about USD 4.6 million, the original demand from the hackers was reportedly far higher at USD 10 million. “It’s probably much cheaper than lawsuits expenses, reputation loss caused by leakage,” a message sent from the hackers to a CWT representative said, according to Reuters.

The company representative, who said he communicated with the hackers on behalf of the chief financial officer, then managed to negotiate the ransom down to USD 4.5 million, the report further said.

https://cryptonews.com/news/hack-forces-travel-company-to-pay-usd-4-6m-in-bitcoin-ransom-7304.htm

[1715382254]

1715382254

[1715382254]

1715382254

[1715382254]

1715382254

[1715382254]

1715382254

[Carlton Banks]

Step 1. Someone anonymous does something outrageously egregious to cause harm to you (or someone you) know/love
Step 2. Anonymous Someone asks you to give them something worth $10 million in return for undoing the bad thing


Q. Is step 3:

3a) Give them the $10 million. Why wouldn't you trust them?
3b) Give them nothing and take the hit. They've already proved they're total assholes

[stompix]

Q. Is step 3:

3a) Give them the $10 million. Why wouldn't you trust them?
3b) Give them nothing and take the hit. They've already proved they're total assholes

Step 3 is assessing the damage and worst-case scenario
3a) If the problem can't be solved without paying the ransom, how much is the company going to lose?
3b) If the sum is exceeding the ransom by an order of 100 does it really matter if you're going to pay 4 million extra for nothing on top of the other 400?

With a revenue of 1.5 billion, 4 million start looking like beer money.

Oh, and I do hope they have already made the plans for step number 0, get rid of the idiot who caused this.

[Carlton Banks]

Step 3 is assessing the damage and worst-case scenario
3a) If the problem can't be solved without paying the ransom, how much is the company going to lose?
3b) If the sum is exceeding the ransom by an order of 100 does it really matter if you're going to pay 4 million extra for nothing on top of the other 400?

then

step 4) Anonymous Someone takes the money, then reneges the deal, asking for more


do they go back to 3a) and 3b) after that happens?

[stompix]

~

then

step 4) Anonymous Someone takes the money, then reneges the deal, asking for more
do they go back to 3a) and 3b) after that happens?

In they do this, yes, there is no point paying again a ransom as the chances of actually getting the keys are pretty slim and the costs will start taking a serious bite, but at first, I would also vote for payment, I doubt hackers that are in this business would want to ruin their "reputation", as one case of a victim paying a ransom and not getting back their files would hurt their "business" far worse compared to what they could gain from extorting twice the same victim.

But I think they they are using the same logic as I did when they ask for the ransom, they are putting the price at a level where the people running that business will say, "What the hell, let's give it a try", at this point, it's already as worse as possible!

[Carlton Banks]

Major travel management firm, but they don't bother make various backup (e.g. online and offline backup) regularly. If they do it, i'm sure the damage would be less to the point they don't bother paid the ransom.

right

there are a huge number of circumstances under which any company can lose access to it's data or to their computer system, internet attackers is only one such possibility. Regular data backups insure you against all types of data loss problems.

If your company has no usable backups when whatever catastrophe hits you, you are responsible for that.

This company sound like they're begging to go out of business; what sort of going concern can afford a 400 BTC ransom, but not a few hundred dollars/year for data backup? Sounds like a potential scam in fact, maybe they're intending to use some kind of insurance policy or bankruptcy/asset stripping scam to defraud someone. It's interesting that this is a travel company, an industry for which there is no immediate future. Getting out while minimizing losses by any means necessary may seem attractive to owners of travel/tour operators right now.

[slaman29]

It's like the American uni a few months ago, also managed to negotiate with the hackers and in fact the hackers went back and forth quite a few times and eventually settled with just over 1 million dollars.

They say it's cheaper than lawsuits. Hope companies now realize good security is cheaper than paying ransoms!

[amishmanish]

In the hinterlands of developing countries of Asia and Africa, if you were a successful business-owner, contractor, well-paid lawyer/ doctor, there was a possibility that goons will always be looking to abduct your kin, especially children for ransom. Such people used to hire private bodyguards and fleets of vehicles to safeguard their family and avoid paying millions in ransom.

Yet, if someone was ransomed, you paid if you could pay and didn't go to the authorities. Its no surprise that the company negotiated and paid the hackers what they could. A company build from scratch is your proverbial child. Hope they learn their lesson and hire some "muscle" to safeguard them from the bandits of Information era.

[Karartma1]

Major travel management firm, but they don't bother make various backup (e.g. online and offline backup) regularly. If they do it, i'm sure the damage would be less to the point they don't bother paid the ransom.

right

there are a huge number of circumstances under which any company can lose access to it's data or to their computer system, internet attackers is only one such possibility. Regular data backups insure you against all types of data loss problems.

If your company has no usable backups when whatever catastrophe hits you, you are responsible for that.

This company sound like they're begging to go out of business; what sort of going concern can afford a 400 BTC ransom, but not a few hundred dollars/year for data backup? Sounds like a potential scam in fact, maybe they're intending to use some kind of insurance policy or bankruptcy/asset stripping scam to defraud someone. It's interesting that this is a travel company, an industry for which there is no immediate future. Getting out while minimizing losses by any means necessary may seem attractive to owners of travel/tour operators right now.

I agree the most with what I've just highlighted from your comment. It's either the CIO or some IT manager that need to repay big or as you said there's something more than meets the eye.

[Harlot]

The news indicated that even if CWT had paid the ransom the hackers have managed to stole 2 TB worth of information from the compromised computers containing employee information to security documents. This just shows us when it comes to ransomwares its really not good to give in the demands of the hackers as there is no guarantee that your files are untouched or will be clean after you pay. I'm wondering why these big companies don't have some kind of back up for data when something like this happen with their system since in this case they won't be pushed in a core like this one.

[bbc.reporter]

Step 1. Someone anonymous does something outrageously egregious to cause harm to you (or someone you) know/love
Step 2. Anonymous Someone asks you to give them something worth $10 million in return for undoing the bad thing


Q. Is step 3:

3a) Give them the $10 million. Why wouldn't you trust them?
3b) Give them nothing and take the hit. They've already proved they're total assholes

Step 1. Travel company should insist that payment should be in bitcoin.

Step 2. Use Coinbase to send the payment for hackers.

Step 3. Inform Coinbase what had occured and request for blockchain analysis.

[Harlot]

~snip~

Step 1. Travel company should insist that payment should be in bitcoin.

Step 2. Use Coinbase to send the payment for hackers.

Step 3. Inform Coinbase what had occured and request for blockchain analysis.

Not a really good idea especially when it comes to the face of the customers/users of Coinbase knowing that they can backtrack your transaction using them as a wallet payment. This will just look like Coinbase is a more centralized service rather than giving the users the freedom and some kind of privacy for their payments. Yeah it will give you the end result you are looking for but the only thing this will work is similar to those times where Coinbase will receive some kind of court order or subpoena ordering them to do so. But requesting the company directly from a person or company it may make them look bad on their service for the users overall.

[bbc.reporter]

@Harlot. It was a sarcastic comment hehehe. Clearly the hackers should demand payment in Monero, however, why not use Coinbase blockchain analytics for what it was created for hehe.

[pixie85]

I guess the cost of rebuilding their database would be greater than 4 million.

I wonder how they got infected in the first place. The average employee doesn't have server access just his workstation and malware installed on a workstation should not infect the main server. It had to be done by someone higher in the corpo chain

They're not the first and not the last company to pay. Garmin paid more than 4 million.

[stomachgrowls]

Step 1. Someone anonymous does something outrageously egregious to cause harm to you (or someone you) know/love
Step 2. Anonymous Someone asks you to give them something worth $10 million in return for undoing the bad thing


Q. Is step 3:

3a) Give them the $10 million. Why wouldn't you trust them?
3b) Give them nothing and take the hit. They've already proved they're total assholes

Step 1. Travel company should insist that payment should be in bitcoin.

Step 2. Use Coinbase to send the payment for hackers.

Step 3. Inform Coinbase what had occured and request for blockchain analysis.

Do you really believe that those hackers would took off the bait and would follow on what you had insisted? In most cases they are the ones who would demand on what would be the
payment terms on said ransom.They arent just dumb to make use of Coinbase to let themselves being traced but rather they would give out a specific own address and wouldnt mind on how they do convert it to cash.
since the company is on the side which would need to follow on whats being instructed then they wont have any choice but to follow if they are really that serious on getting those keys because they do know that
whats on stake if they dont agree with the terms.They wont just have a minimal financial damage if they do just skip and let it go this is why they are really willing to pay up the ransom..Just always have the doubt if those
hackers will really be that honest with the deal or would simply ask out again for money even though they had already given the 4M usd.

I guess the cost of rebuilding their database would be greater than 4 million.

I wonder how they got infected in the first place. The average employee doesn't have server access just his workstation and malware installed on a workstation should not infect the main server. It had to be done by someone higher in the corpo chain

They're not the first and not the last company to pay. Garmin paid more than 4 million.

We dont know but one things for sure that neither it would be an inside job or totally being hacked since nothing on this world that cant really be bypassed.

[bbc.reporter]

Step 1. Someone anonymous does something outrageously egregious to cause harm to you (or someone you) know/love
Step 2. Anonymous Someone asks you to give them something worth $10 million in return for undoing the bad thing


Q. Is step 3:

3a) Give them the $10 million. Why wouldn't you trust them?
3b) Give them nothing and take the hit. They've already proved they're total assholes

Step 1. Travel company should insist that payment should be in bitcoin.

Step 2. Use Coinbase to send the payment for hackers.

Step 3. Inform Coinbase what had occured and request for blockchain analysis.

Do you really believe that those hackers would took off the bait and would follow on what you had insisted? In most cases they are the ones who would demand on what would be the
payment terms on said ransom.They arent just dumb to make use of Coinbase to let themselves being traced but rather they would give out a specific own address and wouldnt mind on how they do convert it to cash.
since the company is on the side which would need to follow on whats being instructed then they wont have any choice but to follow if they are really that serious on getting those keys because they do know that
whats on stake if they dont agree with the terms.They wont just have a minimal financial damage if they do just skip and let it go this is why they are really willing to pay up the ransom..Just always have the doubt if those
hackers will really be that honest with the deal or would simply ask out again for money even though they had already given the 4M usd.

I did not say ask the hackers to use Coinbase. That would be stupid hehe. The travel company should use Coinbase and request their blockchain analytics company for an analysis of the transactions on the hacker's wallet.

Are you aware that Coinbase has become similar to a government contractor but for blockchain intelligence?