Travel company CWT avoids ransomware derailment by paying $4.5m blackmail demand
2020-07-31 21:17

According to reports, Minnesota-based business travel company CWT is the most recent victim of the latest trend in ransomware.

We're probably at the point where we need to stop calling them just "ransomware" attacks, because increasingly there's a lot more to these attacks than locking you out of your files, which is how we usually think of ransomware.

The early ransomware attackers went out of their way to provide the decryption keys as quickly as they could to those who paid up - paradoxically building up a reputation for ransomware gangs as "crooks who could be trusted".

A recent survey conducted by Sophos suggests that self-recovery after a ransomware attack typically costs much less than paying the crooks, for the simple reason that even after the crooks send you the decryption program, you still need to run it across all your systems, which requires much the same sort of time and effort as restoring backups.

Use tools such as Sophos Phish Threat to train your users to recognise scammy emails - phished passwords are also a common way for ransomware criminals to get in and form their beachhead. Set up an internal email or telephone reporting line where users can report nascent attacks and get the whole company to be eyes and ears for the security team.


News URL

https://nakedsecurity.sophos.com/2020/07/31/travel-company-cwt-avoids-ransomware-derailment-by-paying-4-5m-blackmail-demand/