The United States-based travel management company, Carlson Wagonlit Travel (CWT), successfully completed a transaction with hackers who stole company data and knocked tens of thousands of company computers offline. The transaction, which was negotiated and agreed upon through a publicly accessible online chat, stated that if CWT were to pay $4.5 million to the hackers within 24 hours of the messages (occurring on 7/27/2020), then the hackers would delete all of CWT’s data from their servers and supply the company with decryption software to restore all computers affected by the hack.
The perpetrators used a strain of ransomware called “Ragnar Locker” to attack the company’s data. Ragnar Locker is actually able to take the data hostage, encrypting it and essentially making it useless. The victims of these attacks are then forced to succumb to the demands of the hackers or lose access to the data permanently. When it comes to large companies like CWT, the data is often extremely sensitive and frequently personal. Attacks like these put the companies’ data, along with the data of their clients at risk. CWT is believed to have had two terabytes of files, which included financial reports, security documents and other sensitive data stolen.
CWT claims to have immediately reported the hack to United States law enforcement and data protection authorities, located in Europe. Despite the swift action, they were left to decide whether to continue risking the data of employees and clients or roll the dice on trusting the hackers to pull through their side of the bargain, and paying the ransom. Following payment, which was completed using the cryptocurrency Bitcoin, it was reported that the hackers did indeed stick to their word and supplied decryption software. It is also currently assumed, although it may never officially be confirmed, that they did delete all CWT data from their servers.