CDW investigating ransomware gang claims of data theft

The multibillion-dollar technology services firm CDW said it is investigating claims made by a ransomware gang that data was stolen during a cyberattack.

A spokesperson for the company – which reported revenues over $23 billion in 2022 – said they are currently “addressing an isolated IT security matter associated with data on a few servers dedicated solely to the internal support of Sirius Federal, a small U.S. subsidiary of CDW-G.”

CDW-G is a secondary division of the company dedicated to providing technology services to U.S. government organizations like schools, hospitals and state-level entities.

“These servers, which are non-customer-facing, are isolated from our CDW network and other CDW-G systems. Our security protocols detected and contained suspicious activity related to these servers,” the spokesperson said.

“We immediately launched an investigation with the support of leading internal and external cybersecurity experts. In addition, we have contacted appropriate government authorities regarding this matter.”

The company has faced no operational issues and has not seen evidence of any attacks on other CDW systems.

CDW also addressed claims made this week by the LockBit ransomware gang, which demanded an $80 million ransom in return for the data but was only offered $1 million, allegedly. A representative of the gang even spoke to a news outlet to complain about the lowball offer.

“We are aware that a third party has made data available on the dark web which it claims to have taken from this environment,” CDW said. “As part of the ongoing investigation, we are reviewing this data and will take appropriate action in response – including directly notifying anyone affected, as appropriate.”

Cybersecurity expert Jon DiMaggio – who previously infiltrated the LockBit group – said the data leaked from CDW “looks pretty bad” from both a security and business standpoint.

“Data in the archives suggest it is associated with employee badges, audits, commission payout data, and other account-related information,” he said.

If accurate, the $80 million demand would be one of the highest ever aired publicly. The REvil ransomware gang asked for $50 million in 2021 from Taiwanese computer maker Acer.

The LockBit ransomware gang continues to operate with near impunity, remaining the most prolific attackers currently operating. The gang crippled a major hospital network in New York, a city in France and an electrical organization run by the government of Montreal all in the last month.

Last week they attacked a school district in Virginia.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
