The conversation with one of the pirates showed a tone of “cordiality” and even empathy. The hackers and the victims started bargaining over the ransom at USD 10 million and agreed on USD 4.5 million.

A ransomware attack against the multinational travel management company CWT led to negotiations for the payment in Bitcoin taking place in public. The hackers even offered a “benefit” of technical advice so that the company would not suffer from such a vulnerability again.

The hackers used the Ragnar Locker ransomware to take control of the company’s 30,000 computers, according to digital media. At first, the criminals requested USD 10 million in Bitcoin to restore the data. However, the negotiations culminated in the payment of USD 4.5 million, according to the conversation between one of the hackers and the representative of the US company.

The extortionists had seized two terabytes of information including financial and security reports, as well as personal data on employees. In the conversation, the hackers ironically identified themselves as “Support” and explained what “services” they were offering. First, they would decode all the information collected and, then, they would delete all the information downloaded onto their servers.

As a sign of their “good faith” to provide their “services,” the hackers offered to randomly decode two files “for free” to make the company realize that the software was working.

To make matters worse, the pirates offered a “special price” with a 20% discount if someone from the company replied in less than two days. Besides, they would receive a “prompt payment” discount. The representatives “appreciated” the offer and the criminals’ “friendliness,” but let them know that they were not able to pay the USD 8 million “special price.”

The CWT negotiator offered USD 3.7 million, but the hackers rejected the offer, requesting USD 4 million for the decoding and the rest of the funds for deleting the information that they stored on their servers. In total, the hackers obtained 414 BTC, according to Reuters.

Ridiculously, the CWT negotiator “thanked” the pirate for his “services”. The hacker replied that he was welcome to ask any further questions.

CWT reported the situation to law enforcement authorities in the USA and European data protection officers. Also, the company disclosed that the criminals restored their systems once they made the payment.

Ransomware and Bitcoin Payments

Ransomware is a malicious program that hackers use to remotely lock computers, encrypt information, and deprive victims of data control. Once they have successfully restricted access to files, the only way for the victims to recover them is by using the hackers’ own tool.

Those who commit this type of crime usually request payments in Bitcoin or privacy-focused cryptocurrencies like Monero. In six years, the victims have paid around USD 144 million worth of Bitcoin for ransomware attacks.

The US Federal Bureau of Investigation (FBI) noted in an investigation that hackers receive the payments and then send them to mixing services and cryptocurrency exchanges. By sending the funds to mixers, the hackers try to make it more difficult to trace the origin of the cryptocurrencies.

By Willmen Blanco
