Pierluigi Paganini
October 14, 2023
The technology services giant CDW announced it has launched an investigation into claims made by the Lockbit ransomware gang that added the company to the list of victims on its leak site.
CDW Corporation is a provider of technology solutions and services for business, government and education. A secondary division of the company, known as CDW-G, focuses on United States governmental entities, including as K-12 schools, universities, non-profit healthcare organizations, State & Local and the Federal government.
The LockBit ransomware gang demanded an $80 million ransom, but the group claims that the company only offered $1 million.
#LockBit has published 2 posts with CDWG data to its leak site. The data leaked looks pretty bad from both a security and business pov. Data in the archives suggest it is associated with employee badges, audits, commission payout data, and other account-related information. pic.twitter.com/avGPkz3ekt
— Jon DiMaggio (@Jon__DiMaggio) October 12, 2023
“All the Nasdaq-listed corporation was able to offer was $1,100,000 dollars of the requested $80,000,000 dollars” reads the message published on the dark web leak site of the group.
“We published them because in the negotiation process a $20 billion company refuses to pay adequate money,” a representative of the gang told The Register. “As soon as the timer runs out you will be able to see all the information, the negotiations are over and are no longer in progress. We have refused the ridiculous amount offered.”
CDW revealed that it had detected suspicious activity related to the Sirius Federal servers and quickly launched an investigation with the help of external cybersecurity experts.
“we are addressing an isolated IT security matter associated with data on a few servers dedicated solely to the internal support of Sirius Federal, a small U.S. subsidiary of CDW-G.” The servers are “non-customer-facing” and are “isolated from our CDW network and other CDW-G systems,” reads a statement sent by the company to CRN on Thursday.
The company pointed out that its systems remain fully operational.
“We are aware that a third party has made data available on the dark web which it claims to have taken from this environment,” CDW added. “As part of the ongoing investigation, we are reviewing this data and will take appropriate action in response – including directly notifying anyone affected, as appropriate.”
Brett Callow, threat analyst at the cybersecurity firm Emsisoft explained that the ransom demand for this case is the 3rd largest ransom demand, at least, among those that became publicly known.
This is the 3rd largest ransom demand – at least, among those that became publicly known. #CDW #ransomware pic.twitter.com/wcYp50L2Is
— Brett Callow (@BrettCallow) October 11, 2023
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)
