CDW investigates ransomware gang’s data theft allegations

esteria.white

Multibillion-dollar technology services company CDW said it was investigating a ransomware group’s claims that data was stolen in a cyberattack.

A spokesperson for the company – which reported revenue of more than $23 billion in 2022 – said it was currently “resolving an isolated IT security issue associated with data on a few servers dedicated solely to the internal support of Sirius Federal, a small American subsidiary of CDW-G.”

CDW-G is a secondary division of the company dedicated to providing technology services to U.S. government organizations such as schools, hospitals and state entities.

“These servers, which are not customer-facing, are isolated from our CDW network and other CDW-G systems. Our security protocols detected and contained suspicious activity related to these servers,” the spokesperson said.

“We immediately launched an investigation with the support of leading internal and external cybersecurity experts. Additionally, we have contacted the relevant government authorities regarding this matter.

The company experienced no operational issues and saw no evidence of attacks on other CDW systems.

CDW also responded to claims made this week by the LockBit ransomware gang, which demanded an $80 million ransom in exchange for the data, but was reportedly only offered $1 million . A representative of the gang itself spoke to a media complain about the lowball offer.

“We are aware that a third party has made data available on the dark web that they claim to have extracted from this environment,” CDW said. “As part of the ongoing investigation, we are reviewing this data and will take appropriate action in response, including directly notifying any affected individuals, where appropriate.”

Cybersecurity expert Jon DiMaggio – who previously infiltrate the LockBit group – said the data leaked by CDW “looks pretty bad” from a security and business perspective.

“Archive data suggests it is associated with employee badges, audits, commission payment data and other account-related information,” he said.

If accurate, the $80 million request would be one of the highest ever made public. The REvil ransomware gang asked for $50 million in 2021 from Taiwanese computer manufacturer Acer.

The LockBit ransomware gang continues to operate with impunity, remaining the most prolific attackers currently in operation. The gang is paralyzed a large hospital network in New York, a city ​​in France and an electrical organization managed by the Montreal government, all within the last month.

Last week they attacked a school district in Virginia.

Get more information with the

Future saved

Intelligence cloud.

Learn more.

No previous articles

No new articles

Jonathan Greig

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

Leave a comment