Business travel giant CWT says its systems are back up after a temporary shutdown that was put into action following a cybersecurity breach.
Late last week, Reuters published details of the corporate travel giant paying out $4.5 million to hackers in a ransomware attack.
According to the report, the attackers used ransomware that encrypts files so that they cannot be used until access is restored.
The company acknowledged that it had been prey to a cyber incident but declined to provide further details, including whether it had paid off the hackers.
“We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased. We immediately launched an investigation and engaged external forensic experts. While the investigation is at an early stage, we have no indication that PII/customer and traveler information has been compromised. The security and integrity of our customers’ information is our top priority.”
Matt Radolec, director of security architecture and incident response at Varonis, says the incident is the "latest, and unfortunately, will not be the last, example of big-game ransomware – sophisticated attackers that focus on lucrative targets, perform reconnaissance and steal valuable and private information before unleashing ransomware on the victim’s networks."
He adds: "Big-game ransomware places companies in a bind: even if they have done just about everything right and performed backups across their data and systems, they may have no choice other than paying. If victims refuse to pay, their sensitive information could be released to the world.
"It’s extortion, really - the ransomware element serves to add immediacy and tells the victim that they mean business. Criminals follow the money, and cybercrime is easier and far more lucrative than robbing a physical bank ever was. The success – and sizable payouts from the victims - mean these techniques are here to stay.”
The travel industry has experienced an increasing number of attacks in recent years, and some experts believe the COVID-19 pandemic could exacerbate the problem.
Experts anticipate fraudsters to take advantage of travel companies as travel restrictions lift, and companies are trying to claw back much-needed revenue.
In February, details emerged of a security breach that took place last year, involving the personal details of more than 10 million customers of MGM Resorts being shared on a hacker forum.
Then in March, Marriott International said it had been the victim of a second data breach involving the details of as many as 5.2 million guests.
Similarly, in May, easyJet said it would be contacting around nine million passengers to notify them of a serious database security hack.