Currency exchange firm, Travelex, ‘being held to ransom’ by hackers demanding $6m

Currency exchange firm, Travelex, ‘being held to ransom’ by hackers demanding $6m | Secret Flying

A ransomware gang called “Sodinokibi” told the BBC it is behind the hack.

 

A ransomware cyber-attack on the currency exchange company, Travelex, has forced the firm to take down all of its global websites.

 

On New Year’s eve, hackers launched an attack on the Travelex network, holding the exchange ransom for $6 million in bitcoin.

 

The group claims it first gained access to the company’s network six months ago and has downloaded 5GB worth of sensitive customer data, including credit card and insurance information.

 

“In the case of payment, we will delete and will not use that [data]base and restore them the entire network. The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base,” the hackers warned.

 

The London-based company has said there is no evidence customer data has been compromised.

 

The Travelex website continues to be down, with a press release on the homepage reading: “On Tuesday December 31st Travelex detected a software virus which had compromised some of its services.

 

“As previously announced, on discovering the virus, and as a precautionary measure, Travelex immediately took all its systems offline to prevent the spread of the virus further across the network.

 

“Whilst the investigation is still ongoing, Travelex has confirmed that the software virus is ransomware known as Sodinokibi, also commonly referred to as REvil. Travelex has proactively taken steps to contain the spread of the ransomware, which has been successful.”

 

Although online services are down, Travelex cashiers situated in many airports and high streets around the world have been resorting to using pen and paper when exchanging currencies.

 

Travelex operates in more than 70 countries worldwide, with more than 1,200 branches and 1,000 ATMs.