Skip to main content

Hackers demand $6M from largest retail currency dealer in ransomware attack

Travelex is currently dealing with a ransomware attack that’s forced the company to suspend its online services.

Recommended Videos

Ransomware locks computer systems by encrypting files, with hackers then demanding payment in exchange for a decryption key. In the case of Travelex, hackers are ordering the London-based firm to cough up cash not only for the decryption key, but also to prevent the publication of various customer data that includes payment card information, the Financial Times reported on Tuesday, January 7.

Please enable Javascript to view this content

The BBC said hackers claiming to be behind the attack are asking Travelex to pay $6 million to regain control of their systems, though the company is yet to confirm this.

The malware attack on the world’s largest retail currency dealer was discovered on New Year’s Eve, with Travelex publicly confirming the incident on January 3. The hackers told the BBC they accessed the company’s computer systems last summer and downloaded 5GB of customer data, which they are now threatening to expose.

Travelex said last week that when it learned of the incident at the end of December, it immediately took all of its systems offline as “a precautionary measure in order to protect and prevent the spread of the virus.” But the disruption is also preventing partner companies from selling foreign currency online.

In an update released by the company on January 7, Travelex named the malware as Sodinobiki, also commonly referred to as REvil. It said it had “proactively taken steps to contain the spread of the ransomware, which has been successful,” but added that it “does not yet have a complete picture of all the data that has been encrypted” by the hackers.

Despite the hackers’ reported threat to publish customer data if Travelex fails to pay the ransom, the company said it had no evidence yet that any data had been stolen.

Chief executive response

Parts of the Travelex website are still working, but any attempt to make a transaction takes customers to a press release that includes a message from Tony D’Souza, chief executive of Travelex.

In it, D’Souza says: “Our focus is on communicating directly with our partners and customers to protect them and their information from any further compromise. We take very seriously our responsibility to protect the privacy and security of our partner and customers’ data, as well as provide an excellent service to our customers, and we sincerely apologize for the inconvenience caused.”

D’Souza said Travelex is continuing to offer services to its customers on a manual basis and in the meantime will provide alternative customer solutions. “We are working tirelessly to bring our systems back online,” the chief executive added.

The company is currently working with the U.K.’s National Crime Agency and the Metropolitan Police, who are carrying out their own investigations into the incident.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Microsoft just gave you a new way to stay safe from viruses
A dark mystery hand typing on a laptop computer at night.

Microsoft has just taken a vital step towards better protecting your devices from malware, and it’s one that could stop viruses dead in their tracks. Interestingly, though, the Redmond giant seems to have made no mention of the change, despite its significance.

The new policy might sound minor on the surface: Microsoft’s SharePoint cloud storage service can apparently now scan files that are encrypted or password-protected. Previously, this wasn’t thought to be possible.

Read more
Hackers used 30,000 computers for record-breaking DDoS attack
An illustration of a grid of devices with one in red, infected device highlighted.

Hackers launched a record-breaking distributed denial of service (DDoS) attack over the weekend, employing a network of botnets to make requests from over 30,000 IP addresses.

While that isn't a big network of computers, the onslaught was able to exceed 71 million requests per second (rps), surpassing the previous record of 46 million rps set in June 2022 by 35%. This is what's known as a volumetric attack that consumes the target website's bandwidth by sending large amounts of data from multiple sources at once.

Read more
Hackers sink to new low by stealing Discord accounts in ransomware attacks
a faceless hacker in a black hoodie in front of a computer screen with lines of code on it.

As if ransomware wasn’t terrifying enough already, hackers are now trying to hold your Discord account hostage, as well as your files. Thankfully, you can grab your Discord back if you act quickly enough.
This new ransomware campaign was recently discovered by leading cybersecurity firm Cyble, and it’s a particularly nasty one. A wave of similar attacks is emerging, including AXLocker, Octocrypt, and Alice. Ransomware encrypts files on the infected computer before demanding that you pay to decrypt your files to regain access.

Something uniquely cruel about AXLocker is that it also copies your Discord token and sends it to the hacker's server, giving them an opportunity to access and steal your Discord account. The malware is sneaky and leaves file names and extensions intact as it encrypts files so you might not notice anything is wrong until you see the ransom note.

Read more