CDW investigating ransomware gang claims of information theft

The multibillion-dollar know-how providers agency CDW mentioned it’s investigating claims made by a ransomware gang that knowledge was stolen throughout a cyberattack.

A spokesperson for the corporate – which reported revenues over $23 billion in 2022 – mentioned they’re presently “addressing an remoted IT safety matter related to knowledge on a number of servers devoted solely to the inner assist of Sirius Federal, a small U.S. subsidiary of CDW-G.”

CDW-G is a secondary division of the corporate devoted to offering know-how providers to U.S. authorities organizations like faculties, hospitals and state-level entities.

“These servers, that are non-customer-facing, are remoted from our CDW community and different CDW-G techniques. Our safety protocols detected and contained suspicious exercise associated to those servers,” the spokesperson mentioned.

“We instantly launched an investigation with the assist of main inside and exterior cybersecurity consultants. As well as, now we have contacted acceptable authorities authorities concerning this matter.”

The corporate has confronted no operational points and haven’t seen proof of any assaults on different CDW techniques.

CDW additionally addressed claims made this week by the LockBit ransomware gang, which demanded an $80 million ransom in return for the information however was solely supplied $1 million, allegedly. A consultant of the gang even spoke to a information outlet to complain concerning the lowball supply.

Ever surprise how arduous it’s to be a #ransomware negotiator? #LockBit’s leak website exhibits what they’re up towards. LockBit needs $80 mil and CDWG is prepared to pay $1.1 mil. That may be a massive distinction. I can’t think about attempting to return to an settlement if you find yourself this far off. pic.twitter.com/KCYB4LxYwG

— Jon DiMaggio (@Jon__DiMaggio) October 11, 2023

“We’re conscious {that a} third social gathering has made knowledge out there on the darkish net which it claims to have taken from this setting,” CDW mentioned. “As a part of the continued investigation, we’re reviewing this knowledge and can take acceptable motion in response – together with instantly notifying anybody affected, as acceptable.”

Cybersecurity professional Jon DiMaggio – who beforehand infiltrated the LockBit group – said the information leaked from CDW “appears to be like fairly unhealthy” from each a safety and enterprise standpoint.

“Knowledge within the archives recommend it’s related to worker badges, audits, fee payout knowledge, and different account-related info,” he mentioned.

If correct, the $80 million demand can be one of many highest ever aired publicly. The REvil ransomware gang requested for $50 million in 2021 from Taiwanese pc maker Acer.

The LockBit ransomware gang continues to function with close to impunity, remaining probably the most prolific attackers presently working. The gang crippled a significant hospital community in New York, a metropolis in France and {an electrical} group run by the federal government of Montreal all within the final month.

Final week they attacked a faculty district in Virginia.