Travelex reportedly paid millions to hackers after ransomware attack

Travelex reportedly paid hackers $2.3 million to regain access to its own computer systems after they were compromised in a ransomware attack that was discovered on New Year’s Eve.

Ransomware is malicious software that locks a computer system by encrypting its files. Once the system is locked, hackers demand payment from its owner in return for a decryption key to regain access to the data.

The world’s largest foreign-exchange provider paid the money in the form of Bitcoin, according to a source with knowledge of the matter who spoke to the Wall Street Journal. When details of the ransomware attack were made public in early January, reports suggested the hackers were demanding $6 million, a figure substantially higher than what Travelex has apparently paid.

The attack forced Travelex to take its computer systems offline in January, causing huge problems for its global business. While parts of the Travelex website remained operational, online transactions were suspended. The chaos extended to the company’s vast network of foreign exchange kiosks, too, where staff were forced to resort to using pen and paper to record transactions.

It wasn’t until the second half of February that Travelex was able to get its consumer business fully up and running again.

In the Travelex attack, hackers ordered the London-based firm to pay not only for the decryption key, but also to prevent the publication of various customer data that included payment card information, according to a Financial Times report in January.

Travelex earlier revealed that the perpetrators used malicious software called Sodinokibi, also known as REvil or Sodin, to launch their attack.

A group claiming to be behind the crime told the BBC in January that it accessed Travelex’s computer systems in the summer of 2019, downloading 5GB of customer data in the process.

The Journal’s report also notes how U.S. officials are warning companies to be extra careful when setting up home-working computer networks in response to the coronavirus lockdowns, with cybercriminals eager to exploit any security holes that may result.

No one has yet been arrested in connection with the Travelex ransomware attack and investigators are continuing to work on the case.

Trevor Mogg
Contributing Editor