Ransomware Attacks on Travel Companies Spread, Sparking Complacency Fears

A spate of ransomware attacks on travel companies worries some security professionals, who believe the criminals are upping their games. Some criminal groups may be plowing part of the payouts they get from shakedowns into launching more sophisticated attacks. Carnival discovered on August 15 it had become the latest travel industry victim of ransomware, software that holds a victims' devices and data hostage while the perpetrators demand money. Carnival, one of the world's largest cruise operators, warned investors this week that criminals may have accessed the personal details of its customers and staff. The company said hackers accessed data in a part of an IT system for one unnamed brand. Carnival's brands include Cunard, Princess, and P&O. CWT, the travel management giant, reportedly paid $4.5 million in ransom last month to hackers who had taken sensitive corporate files hostage and took about 30,000 computers offline. Garmin, the maker of navigational systems, suffered a service outage for many days after a ransomware attack in July. Garmin paid a "multi-million dollar" sum, Sky News reported, though the company hasn't commented. Hackers targeted Travelex, the currency-exchange business, with a ransomware attack on December 31, 2019, that halted portions of its business for weeks, its parent company, Finablr, said. Hackers demanded $6 million, BBC News reported.