Ransomware gang threatens to release stolen CDW Corp. data

The LockBit ransomware gang is threatening to release data on Wedneday stolen from CDW Corp., a major IT reseller and services provider in the U.S., Canada and the U.K..

The Register says it was told by a gang member that Lockbit made the decision because negotiations over the ransom fee broke down.

“As soon as the timer [on the Lockbit data leak site] runs out, you will be able to see all the information, the negotiations are over and are no longer in progress. We have refused the ridiculous amount offered,” The Register quotes the gang member saying.

LockBit listed CDW Corp. as one of its victims early last month.

UPDATE: The LockBit gang’s data leak site says it demanded US$80 million, and CDW offered US$1.1 million.

It isn’t known how much data was stolen, or whether it includes personal information of employees and customers as well as corporate information.

IT World Canada has asked CDW Corp. for comment.

The issue of whether to pay a ransomware gang is complex for an organization. While many governments and law enforcement agencies around the world urge organizations not to pay, they also say it is a matter up to management — although in some countries it could be illegal. An organization’s decision will depend upon the sensitivity of the data stolen.

Another factor, however, is what the organization will get for shelling out. Paying is supposed to get the victim firm decryption keys to unscramble encrypted data. Sometimes those keys don’t work. Payment should also come with a promise from the gang to delete copies of the stolen data it holds. Whether that promise will be kept is a question.

According to a study by Cybereason, 80 per cent of organizations who paid a ransom demand were hit by ransomware a second time, with 68 per cent of respondents saying the second attack came less than a month later and threat actors demanded a higher ransom amount.

Experts repeatedly say organizations unprepared for a ransomware attack are the ones that are squeezed the most to pay.

Headquartered in Illinois, CDW generated net sales of US$22 billion in its last fiscal year. The company was incorporated in 1984, and soon after became Computer Discount Warehouse. By 1997 it had generated sales of over US$1 billion. In 2003, after buying the assets of Micro Warehouse, that firm’s Canadian business became CDW Canada. It entered the U.K. in 2014 after buying 35 per cent a leading British technology services and solutions company, completely taking it over a year later.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now