Travelex reportedly paid millions to hackers after ransomware attack
Ransomware is malicious software that locks a computer system by encrypting files. Once locked, hackers demand payment from the owner of the system in return for a decryption key to regain access to the data.
The world’s largest foreign-exchange provider paid the money in the form of Bitcoin, according to a source with knowledge of the matter who spoke to the Wall Street Journal. When details of the ransomware attack were made public in early January, reports suggested the hackers were demanding $6 million, a figure substantially higher than what Travelex has apparently paid.
The attack forced Travelex to take its computer systems offline in January, causing huge problems for its global business. While parts of the Travelex website remained operational, online transactions were suspended. The chaos extended to the company’s vast network of foreign-exchange kiosks, too, where staff were forced to resort to using pen and paper to record transactions.
It wasn’t until the second half of February that Travelex was able to get its consumer business fully up and running again.
In the Travelex attack, hackers ordered the London-based firm to pay not only for the decryption key, but also to prevent the publication of various customer data that included payment card information, according to a Financial Times report in January.
Travelex earlier revealed that the perpetrators used malicious software called Sodinokibi, also known as REvil or Sodin, to launch their attack.
A group claiming to be behind the crime told the BBC in January that it accessed Travelex’s computer systems in the summer of 2019, downloading 5GB of customer data in the process.
The Journal’s report also notes that U.S. officials are warning companies to be extra careful when setting up home-working computer networks in response to the coronavirus lockdowns, with cybercriminals eager to exploit any security holes that may result.
No one has yet been arrested in connection with the Travelex ransomware attack and investigators are continuing to work on the case.