A U.S. travel management firm has paid out a fortune in bitcoin after its corporate files were locked up in a ransomware attack.
- According to a report by Reuters on Friday, travel firm CWT paid the 414 bitcoin ransom (worth $4.5 million at the time) as part of a deal to recover sensitive files encrypted by the Ragnar Locker ransomware that makes files inaccessible until a bounty has been paid.
- Hackers said 30,000 of the company's computers were caught up in the attack, although the number has since been disputed by a person familiar with the investigation, Reuters said.
- The conversation between the hackers and CWT was made public on Saturday, providing a rare insight into how the deal to recover the company's files was struck.
- In the conversation, a CWT representative can be seen asking how to recover their files and what steps were needed to resolve the problem.
- The company subsequently confirmed in a statement its systems were back online and that the incident had passed, but declined to comment further due to an ongoing investigation.
- CWT also said it had informed relevant U.S. and European Union law-enforcement agencies immediately after becoming aware of the incident.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.