Travel Management Firm CWT Pays Out $4.5M in Bitcoin After Ransomware Attack

The U.S. firm paid out a ransom of 414 bitcoin after its corporate files were locked up by the Ragnar Locker malware.

Aug 3, 2020 at 1:01 p.m. UTC
Updated Sep 14, 2021 at 9:39 a.m. UTC

A U.S. travel management firm has paid out a fortune in bitcoin after its corporate files were locked up in a ransomware attack.

  • According to a report by Reuters on Friday, travel firm CWT paid the 414 bitcoin ransom (worth $4.5 million at the time) as part of a deal to recover sensitive files encrypted by the Ragnar Locker ransomware that makes files inaccessible until a bounty has been paid.
  • Hackers said 30,000 of the company's computers were caught up in the attack, although the number has since been disputed by a person familiar with the investigation, Reuters said.
  • The conversation between the hackers and CWT was made public on Saturday, providing a rare insight into how the deal to recover the company's files was struck.
  • In the conversation, a CWT representative can be seen asking how to recover their files and what steps were needed to resolve the problem.
  • The company subsequently confirmed in a statement its systems were back online and that the incident had passed, but declined to comment further due to an ongoing investigation.
  • CWT also said it had informed relevant U.S. and European Union law-enforcement agencies immediately after becoming aware of the incident.


The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.