Lockbit ransomware gang demanded an 80 million ransom to CDW

Lockbit ransomware gang demanded an 80 million ransom to CDW

Pierluigi Paganini
October 14, 2023

The Lockbit ransomware gang claims to have hacked the technology services giant CDW and threatens to leak the stolen data.

The technology services giant CDW announced it has launched an investigation into claims made by the Lockbit ransomware gang that added the company to the list of victims on its leak site.

CDW Corporation is a provider of technology solutions and services for business, government and education. A secondary division of the company, known as CDW-G, focuses on United States governmental entities, including as K-12 schools, universities, non-profit healthcare organizations, State & Local and the Federal government.

The LockBit ransomware gang demanded an $80 million ransom, but the group claims that the company only offered $1 million.

“All the Nasdaq-listed corporation was able to offer was $1,100,000 dollars of the requested $80,000,000 dollars” reads the message published on the dark web leak site of the group.

CDW Lockbit

“We published them because in the negotiation process a $20 billion company refuses to pay adequate money,” a representative of the gang told The Register. “As soon as the timer runs out you will be able to see all the information, the negotiations are over and are no longer in progress. We have refused the ridiculous amount offered.”

CDW revealed that it had detected suspicious activity related to the Sirius Federal servers and quickly launched an investigation with the help of external cybersecurity experts.

“we are addressing an isolated IT security matter associated with data on a few servers dedicated solely to the internal support of Sirius Federal, a small U.S. subsidiary of CDW-G.” The servers are “non-customer-facing” and are “isolated from our CDW network and other CDW-G systems,” reads a statement sent by the company to CRN on Thursday.

The company pointed out that its systems remain fully operational.

“We are aware that a third party has made data available on the dark web which it claims to have taken from this environment,” CDW added. “As part of the ongoing investigation, we are reviewing this data and will take appropriate action in response – including directly notifying anyone affected, as appropriate.”

Brett Callow, threat analyst at the cybersecurity firm Emsisoft explained that the ransom demand for this case is the 3rd largest ransom demand, at least, among those that became publicly known.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)