Travelex falls victim to Sodinokibi ransomware attack

Travelex, a foreign exchange company with headquarters in London, has been hit by a ransomware attack, forcing it to shut down all computer systems across its 1,500 branches.

Although the organisation said no personal data has been compromised, the criminal hackers behind the attack claimed to have acquired more than 5GB of personal data, including dates of birth, payment card information and Social Security numbers.


The extent of the attack

Travelex, which processes more than 5,000 transactions an hour, shut down its systems and website on New Year’s Day, affecting banks, ATMs and websites associated with the organisation.

The ransomware was confirmed as Sodinokibi, also known as REvil, which first appeared in April 2019 and offered crooks the opportunity to ‘rent’ it and customise it in exchange for a share of the profits.

The ransomware’s readme files said: “It is just business. We absolutely do not care about you or your details, except getting benefits. If we do not do our work and liabilities – nobody will not co-operate with us. It is not in our interests.

“If you do not co-operate with our service – for us it does not matter. But you will lose your time and your data, cause just we have the private key. In practice time is much more valuable than money.”


Travelex’s response

Travelex still hasn’t contacted customers with information about the breach, but it is responding to queries across its social media platforms.

Security researcher Kevin Beaumont called Travelex’s response “shockingly bad”. He added: “The Travelex UK website still only says ‘planned maintenance’, a week after the problems began – many customers will be completely unaware hackers gained access to their network, and allegedly their personal data. Travelex have a responsibility to clearly communicate with customers and business partners the gravity of the situation.”


The key to preventing a ransomware attack

Whether or not you decide to pay the ransom (and we always advise against paying up), you’ll still face lengthy delays and a loss of productivity.

However, there are steps you can take to mitigate the risk of an attack in the first place. For example, did you know that the majority of infections are caused by employees opening phishing emails that unleash the ransomware on their systems?

Teaching staff to spot scams and respond appropriately can go a long way to keeping your organisation secure. Our Phishing and Ransomware – Human patch e-learning course delivers consistent, comprehensive training to your staff in just ten minutes.
