CDW Data Could Leak Next Week After Insulting LockBit With Low Ransom Bid: Report

One news outlet was told by a spokesperson for LockBit, the Russia-based provider of ransomware as a service, that it has made ready a package of CDW data to be released on Tuesday, October 11 after CDW supposedly made a ransom offer so low as to insult LockBit.


IT solution provider CDW was reportedly the subject of a cybersecurity attack by the LockBit cybercrime organization, which has promised to release CDW’s data after negotiations between the two broke down over the ransom fee.

The Register Friday reported that it was told by a LockBit spokesperson who used the alias “LockBitSupp” that CDW’s data will be released Tuesday after negotiations between the two ended when CDW offered to pay a ransom that was so low “it insulted the crooks.”

LockBitSupp told The Register that it will publish the information after CDW, a “$20 billion company,” offered payment deemed insufficient, and that it has “refused the ridiculous amount offered.”

Sponsored post

[Related: The 2023 Security 100]

CDW, ranked No. 4 on the CRN 2023 Solution Provider 500, has reported $22 billion revenue for the 12 months ended June 30, 2023.

CDW did not respond to a CRN request for information by press time.

LockBitSupp did not tell The Register the details of what LockBit wanted in payment or what CDW offered. At this point, the CDW data is slated to be released early Tuesday, October 10.

CDW is not the first IT solution provider to be hit by a LockBit ransomware attack. Global services provider Accenture, ranked No. 1 on the CRN Solution Provider 500, in late 2021 was also hit by an attack, but said there was no impact on the company’s operations.

France-based defense and cybersecurity company Thales, which in late 2022 was also attacked by LockBit, said that it experienced no intrusions in its IT systems.

Russia-based LockBit provides ransomware-as-a-service. It has become the prominent and most widespread cyber threat thanks to its “sophisticated and ruthless” strain of ransomware that infiltrates computer systems, encrypts important data, and demands large ransoms, according to New York-based security technology company Flashpoint.

Flashpoint estimates that LockBit has accounted for 27.9 percent of all known ransomware attacks between July of 2022 and June of 2023.

Not every LockBit cyberattack is what it seems. LockBit in June of 2022 claimed that it stole data from Reston, Va.-based cybersecurity vendor Mandiant. Mandiant, however, said that what actually happened was an attempt to shake down Mandiant to pay the ransom.

Kyle Alspach and Steve Burke contributed to this article.