Telecom giant AT&T Inc. allegedly paid $400,000 in Bitcoin to hackers who claimed to have compromised its network and stolen sensitive information in 2022. An anonymous ransomware expert corroborated the payment after the hacker provided a Bitcoin wallet address.
Ransom Demand and Lack of Response
The hackers reportedly demanded the ransom in exchange for deleting call and text logs of almost all of AT&T’s wireless customers, spanning over six months. This account rests on the hacker’s claims. When the media sought comment from AT&T regarding the ransom payment, the company did not respond. Similarly, the FBI and the Department of Justice failed to confirm whether any payment was made.
Blockchain analysis firm Chainalysis Inc. confirmed that an unidentified actor transferred 1,410 BTC, or about $380,000 at the time of the transaction, into the hacker’s wallet. A smaller sum was then sent from this wallet to a notorious cybercriminal. However, Chainalysis could not determine if AT&T made the payment or if a third party was involved.
Evidence and Comparison to Other Ransom Payments
The hacker provided a seven-minute video as evidence that he deleted the stolen data to honor the deal with AT&T. Some analysts argue that $400,000 is inadequate for such a sensitive data breach, comparing it to the $4.4 million demanded from and paid by Colonial Pipeline Co. in 2021 when the pipeline closure disrupted gas supplies to the U.S. East Coast.
Implications of the Alleged Ransom Payment
The allegations of AT&T’s ransom payment underscore the ongoing threat of ransomware and its significant consequences for businesses. This incident highlights the need for robust cybersecurity measures and the challenges companies face in dealing with cyber threats.
The purported ransom payment by AT&T demonstrates the severity of ransomware attacks and the lengths companies may go to mitigate potential damage. As ransomware threats persist, businesses must continually adapt and strengthen their cybersecurity defenses to protect sensitive data and maintain customer trust.