A U.S. travel management firm has paid out a fortune in bitcoin after its corporate files were locked up in a ransomware attack.
- According to a report by Reuters on Friday, travel firm CWT paid the 414 bitcoin ransom (worth $4.5 million at the time) as part of a deal to recover sensitive files encrypted by the Ragnar Locker ransomware that makes files inaccessible until a bounty has been paid.
- Hackers said 30,000 of the company's computers were caught up in the attack, although the number has since been disputed by a person familiar with the investigation, Reuters said.
- The conversation between the hackers and CWT was made public on Saturday, providing a rare insight into how the deal to recover the company's files was struck.
- In the conversation, a CWT representative can be seen asking how to recover their files and what steps were needed to resolve the problem.
- The company subsequently confirmed in a statement its systems were back online and that the incident had passed, but declined to comment further due to an ongoing investigation.
- CWT also said it had informed relevant U.S. and European Union law-enforcement agencies immediately after becoming aware of the incident.