Hackers demand $4.5M USD from a travel company in exchange for not leaking its stolen data

A few days ago it emerged that CTW, a travel company, paid about $4.5 million in Bitcoin as a ransom to a hacker group that threatened to publish its confidential information. Although they were demanding $10 million to release the compromised information, the threat actors claimed that paying them would be much less expensive than implementing an incident recovery process, in addition to the legal process required by the authorities in case of hacking.

After an arduous negotiation process, the hackers reduced their demands and accepted the amount mentioned; the hackers' Bitcoin address shows a deposit of 414 Bitcoin, a transaction made last July 28. It should be remembered that, like the rest of the tourism industry, CTW’s profits have been greatly diminished due to the pandemic.

In a statement, the company acknowledged the security incident, emphasizing that its operations are already running normally. In addition, CTW states that no malicious hacking group is present on its networks, dismissing the possibility of a data breach: “We can confirm that after temporarily shutting down our systems as a precautionary measure, we managed to stop the intrusion.”

Sources close to the incident claim that threat actors infected the company’s networks with the RagnarLocker ransomware variant, which would have allowed them to block access to the compromised information and threaten the company with disclosing this data on hacking forums.

Although sometimes victims of ransomware infections may look for online tools to decrypt their files without paying the criminals, there are so many variants of encryption malware that they will most likely have to pay criminals or look for ways to recover their information on their own.

One alternative that governments around the world have contemplated to stop ransomware groups is the abolition of Bitcoin or any other form of cryptocurrency, although cybersecurity specialists and virtual asset enthusiasts point out that this approach is seriously misfocused. Recent studies claim that only a minimal portion of hacking incidents have to do with the use of cryptocurrencies, so their use should not be automatically associated with some variant of online criminal activity.