Travelex was hit with a major ransomware attack on New Year's Eve. The cyber attack forced the company to take down all computers and revert to using pen and paper.
As a result of the attack, Travelex turned off all of their internal computer systems across 30 sites to contain the ransomware.
Travelex issued a statement on January 7:
“On Tuesday December 31st Travelex detected a software virus which had compromised some of its services. As previously announced, on discovering the virus, and as a precautionary measure, Travelex immediately took all its systems offline to prevent the spread of the virus further across the network.”
Travelex also confirmed the ransomware behind the attack is known as Sodinokibi (also known as REvil).
According to a BBC report, the cyber criminals were looking for a $6m ransom payout to recover systems. They also boasted of gaining access to sensitive Travelex customer data, including dates of birth, credit card information and national insurance numbers.
Although the investigation is still underway, Travelex said “there is still no evidence to date that any data has been exfiltrated.”
Readers may also remember cyber criminals targeted vulnerable software and gaps in managed service providers’ (MSP) security systems last year to distribute Sodinokibi ransomware.
Update (January 12, 2020): According to a BleepingComputer blog post, the actors behind the Sodinokibi ransomware have also published stolen files from one of their other ransomware victims. The attackers followed through on previous threats after their victim did not pay the ransom on time.
Although the recent release of these files is not linked to the Travelex attack, the malicious behavior may indicate that these attackers will follow through on similar ransomware threats, just like they did with Travelex last week.