Business travel management firm CWT reportedly paid $4.5 million in Bitcoin to attackers who launched a ransomware campaign against the company, Reuters reports.
The campaign reportedly leveraged Ragnar Locker ransomware. In a ransom note on infected devices, the attackers claimed to steal two terabytes of CWT files including financial reports, security documents, and employees' personal data, including email addresses and salary data. It's currently unclear whether information belonging to CWT customers was also affected.
Attackers first demanded $10 million to restore these files and delete stolen information, the report states, citing messages between the attackers and CWT. A company representative agreed to pay $4.5 million, or 414 bitcoin, which was received by the attackers on July 28.
Negotiations also indicated the attackers took 30,000 computers offline; however, a person familiar with the case says the number of affected devices was "considerably less" than that.
Read more details here.