CDW investigating ransomware gang claims of data theft
The multibillion-dollar technology services firm CDW said it is investigating claims made by a ransomware gang that data was stolen during a cyberattack.
A spokesperson for the company – which reported revenues over $23 billion in 2022 – said it is currently “addressing an isolated IT security matter associated with data on a few servers dedicated solely to the internal support of Sirius Federal, a small U.S. subsidiary of CDW-G.”
CDW-G is a secondary division of the company dedicated to providing technology services to U.S. government organizations like schools, hospitals and state-level entities.
“These servers, which are non-customer-facing, are isolated from our CDW network and other CDW-G systems. Our security protocols detected and contained suspicious activity related to these servers,” the spokesperson said.
“We immediately launched an investigation with the support of leading internal and external cybersecurity experts. In addition, we have contacted appropriate government authorities regarding this matter.”
The company has faced no operational issues and have not seen evidence of any attacks on other CDW systems.
CDW also addressed claims made this week by the LockBit ransomware gang, which demanded an $80 million ransom in return for the data but was only offered $1 million, allegedly. A representative of the gang even spoke to a news outlet to complain about the lowball offer.
Ever wonder how hard it is to be a #ransomware negotiator? #LockBit’s leak site shows what they are up against. LockBit wants $80 mil and CDWG is willing to pay $1.1 mil. That is a big difference. I can’t imagine trying to come to an agreement when you are this far off. pic.twitter.com/KCYB4LxYwG
— Jon DiMaggio (@Jon__DiMaggio) October 11, 2023
“We are aware that a third party has made data available on the dark web which it claims to have taken from this environment,” CDW said. “As part of the ongoing investigation, we are reviewing this data and will take appropriate action in response – including directly notifying anyone affected, as appropriate.”
Cybersecurity expert Jon DiMaggio – who previously infiltrated the LockBit group – said the data leaked from CDW “looks pretty bad” from both a security and business standpoint.
“Data in the archives suggest it is associated with employee badges, audits, commission payout data, and other account-related information,” he said.
If accurate, the $80 million demand would be one of the highest ever aired publicly. The REvil ransomware gang asked for $50 million in 2021 from Taiwanese computer maker Acer.
The LockBit ransomware gang continues to operate with near impunity, remaining the most prolific attackers currently operating. The gang crippled a major hospital network in New York, a city in France and an electrical organization run by the government of Montreal all in the last month.
Last week they attacked a school district in Virginia.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.