September 20, 2020

Volume X, Number 264

September 18, 2020

Subscribe to Latest Legal News and Analysis

Can it Get any Worse? Travel Giant CWT Pays $4.5 Million USD Ransom to Hackers who Stole Corporate Files and Knocked 30,000 Computers Offline

In these unprecedented times, where travel around the globe is primarily halted as nations get to grips with controlling the outbreak of COVID-19, many would think it couldn’t get any worse for travel companies. However, they would be wrong, as according to an article from ITNews, American travel management giant CWT has reportedly paid a whopping 414 bitcoin, equivalent to a value of 4.5 Million USD (approximately 6.3 Million AUD), to hackers who successfully exfiltrated over 2 terabytes of sensitive corporate files.

According to the Article, the successful hackers used a strain of ransomware referred to as “Ragnar Locker” which places computer files into a virtual prison through encryption and renders them unusable until the victim pays for the keys. Then in CWT had to negotiate in a public chat forum to pay for the release.  It gives us a rare insight into the dialogue that followed. CWT negotiated the hackers down from their initial demand of 10 Million USD. According to the Report, whilst the hackers claimed to have stolen over 2 terabytes of files including financial reports, security documents and employees’ personal data, it was not clear whether any customer data was compromised.

This reinforces a message explored in one of our previous Blogs in the circumstances of cyber attackers using computer generated applications to attempt to obtain bushfire relief assistance, being that even in the lowest of times, cyber attackers lurk, ready to take advantage of business’ critical weaknesses. Cyber attacks such as these are a consistent threat to businesses and often are most prevalent in times of crisis where business efforts shift away from data security on to “more pressing matters”. Our message is to always stay protected, stay alert and to never take your eyes off data security measures and processes, as the one time you do, they’ll be there waiting to pounce.

Copyright 2020 K & L GatesNational Law Review, Volume X, Number 217


About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Max Evans Lawyer technology matters, Software as a Service Agreements SaaS Sydney

Mr. Evans is a corporate and transactional lawyer with a focus on information technology and outsourcing. He provides assistance on a broad range of technology matters, including Software as a Service Agreements (SaaS), terms and conditions for software products and platforms as well as software procurement and outsourcing projects. Mr. Evans also provides assistance with technology and privacy aspects of mergers and acquisitions transactions.

Professional Background

Prior to joining K&L Gates, Mr. Evans worked in the insolvency and bankruptcy practice of a Boutique Insolvency Law Firm in Sydney for two years.