The attack was launched on New Year’s Eve, according to reports, and the company was forced to take down its websites across 30 countries in an attempt to contain the virus and protect data. Many of these were still offline as of Monday 13th January, though the business says it has now contained the virus. Travelex had to take all of its systems offline during the attack, which made it very difficult for customers who needed holiday cash and online services.
The ransomware gang claimed to be behind the attack is called Sodinokibi. It has called for the firm to pay £4.6m, having downloaded vast amounts of sensitive customer data, which includes dates of birth, credit card information and national insurance numbers. Current reports indicate no data has yet been released, whilst the Information Commissioner’s Office has declared that it has not received a data breach report from Travelex. Following the release of the news, a number of high street banks stopped customers ordering foreign currency, including Lloyds, Barclays and Royal Bank of Scotland.
Travelex has a presence in more than 70 countries, with more than 1,200 branches and 1,000 ATMs worldwide.
The attackers also threatened Travelex with the exposure and wholesale dumping of stolen data if the firm fails to pay the extortion fee. Maybe that’s the point: it’s no longer simplistic ransomware, but big-fish extortion. It’s a new game, one that is no longer about returning files but about preventing exposure of information that compromises the reputation of the victim. They are reportedly threatening to release 5GB of customers’ personal data – including social security numbers, dates of birth and payment card information – into the public domain unless the company pays up.
This incident confirms that ransomware attacks have transitioned from opportunistic nuisance to something more sinister. It demonstrates the destructive capability of systemic ransomware designed to cripple large organizations and not just extort small sums of cryptocurrency from individuals.