The Ragnar Locker ransomware appears to have almost surgical effectiveness. This malicious software belongs to the category of malware called ransomware, and its strategy is well known: when it infects a computer or an entire network, it encrypts the files to prevent their rightful owner from accessing the contents. To regain control of the information and return to normal, the victim is forced to pay a “ransom” in a cryptocurrency so that the transaction cannot be tracked.
This is precisely what happened a few days ago to CWT, an American business travel and event management company that was hit by one or more hackers who managed to infect its network with the Ragnar Locker ransomware. We know how much the hackers asked for, how the negotiation went, and how much CWT ultimately paid in bitcoin, but most surprisingly, their entire conversation was recorded in a chat that eventually surfaced on Twitter. Haggling included. And it is well worth reading.
An interesting thing happened on the Internet this week. The American travel management company has been hit by the Ragnar Locker ransomware. The company agreed to pay and handed over $4.5 million in bitcoin https://t.co/d993WjaXCF pic.twitter.com/VtSpV2rNyB
– Jack Stubbs (@jc_stubbs) July 31, 2020
The surprising negotiation, step by step
Sadly, thousands of attacks hit the networks of large companies, as well as the computers of ordinary users, every day. That a large company is affected by these practices and decides to pay the hackers responsible in order to regain control of its information is not news, but that the entire negotiation and subsequent haggling have been publicly exposed is.
The extortion CWT has been subjected to is currently in the hands of the authorities, but it will be difficult for investigators to find those responsible, because hackers who are able to attack a large company effectively, one that may have advanced protection measures, rarely leave loose ends. And tracing a bitcoin payment is next to impossible. Beyond all this, the most shocking thing is that the entire negotiation between the CWT representative and the hackers responsible was conducted in an insultingly civil manner. Almost cordially, even.
In the screenshot we just saw, the hackers tell CWT that they have infected 30,000 computers spread across its global network, and they ask it to pay 10 million dollars in bitcoin if it wants to get the decryption software. In addition, the hackers assure the company that if it makes the payment, they will erase from their servers any confidential information that was stolen from CWT and, as a bonus, they will recommend what it should do so as not to be exposed in this way in the future.
The CWT representative responds that the $10 million being asked for is excessive and asks about the special price that the hackers apparently promised in their first message. The hackers argue that paying will be more cost-effective than facing the loss of reputation associated with the publication of the stolen information and the cost of legal action. If CWT pays soon, the hackers will give it a special price.
The negotiation begins. CWT maintains that it is going through difficult economic times, implying that it has been affected by the COVID-19 pandemic, and makes the hackers an offer: to pay $3.7 million instead of the special price of 8 million that the hackers are asking for. The latter reject the offer and propose that the American company pay $4 million immediately to obtain the decryption software, and pay the rest of the money afterwards to have the hackers remove the stolen data from their servers.
Apparently, the negotiation was finally closed with an agreement that CWT would pay $4.5 million in bitcoin as ransom for its data. And the payment has been made because, as you can see in the previous screenshot, the hackers, as promised, send CWT a detailed list of recommendations that can help the company prevent attacks of this magnitude in the future.
Perhaps most surprising of all is the farewell, in which the two sides thank each other with the same cordiality they would have used had they closed a legitimate business deal. In fact, the hackers go so far as to congratulate CWT, thanking the head of the company for his professionalism. If we weren’t sure about the criminal nature and seriousness of it all, it would look as though this conversation had been taken straight from a Billy Wilder movie.
Source: Engadget