Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Lockbit ransomware gang demanded an 80 million ransom to CDW

The Lockbit ransomware gang claims to have hacked the technology services giant CDW and threatens to leak the stolen data. The technology services giant CDW announced it has launched an investigation into claims made by the Lockbit ransomware gang that added the company to the list of victims on its leak site. CDW Corporation is […]

CDW Lockbit

The Lockbit ransomware gang claims to have hacked the technology services giant CDW and threatens to leak the stolen data.

The technology services giant CDW announced it has launched an investigation into claims made by the Lockbit ransomware gang that added the company to the list of victims on its leak site.

CDW Corporation is a provider of technology solutions and services for business, government and education. A secondary division of the company, known as CDW-G, focuses on United States governmental entities, including as K-12 schools, universities, non-profit healthcare organizations, State & Local and the Federal government.

The LockBit ransomware gang demanded an $80 million ransom, but the group claims that the company only offered $1 million.

“All the Nasdaq-listed corporation was able to offer was $1,100,000 dollars of the requested $80,000,000 dollars” reads the message published on the dark web leak site of the group.

CDW Lockbit

“We published them because in the negotiation process a $20 billion company refuses to pay adequate money,” a representative of the gang told The Register. “As soon as the timer runs out you will be able to see all the information, the negotiations are over and are no longer in progress. We have refused the ridiculous amount offered.”

CDW revealed that it had detected suspicious activity related to the Sirius Federal servers and quickly launched an investigation with the help of external cybersecurity experts.

“we are addressing an isolated IT security matter associated with data on a few servers dedicated solely to the internal support of Sirius Federal, a small U.S. subsidiary of CDW-G.” The servers are “non-customer-facing” and are “isolated from our CDW network and other CDW-G systems,” reads a statement sent by the company to CRN on Thursday.

The company pointed out that its systems remain fully operational.

“We are aware that a third party has made data available on the dark web which it claims to have taken from this environment,” CDW added. “As part of the ongoing investigation, we are reviewing this data and will take appropriate action in response – including directly notifying anyone affected, as appropriate.”

Brett Callow, threat analyst at the cybersecurity firm Emsisoft explained that the ransom demand for this case is the 3rd largest ransom demand, at least, among those that became publicly known.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)