[BreachExchange] Travelex Ransom Demand Is Doubled

Destry Winant destry at riskbasedsecurity.com
Tue Jan 21 09:56:40 EST 2020


https://www.cybersecurityintelligence.com/blog/travelex-ransom-demand-is-doubled-4743.html

Malicious hackers are holding Travelex to ransom, and the original
demand for payment of $3m to restart the company's online systems
has now been doubled to $6m. Two weeks after the enormous Travelex cyber
hack, banks that use Travelex for their foreign exchange services still
cannot sell travel money. The affected banks include Lloyds,
Barclays, and RBS.

The hackers struck on New Year's Eve, forcing the London-headquartered
firm to take down all its global websites. Travelex has a presence in
more than 70 countries, with more than 1,200 branches and 1,000 ATMs
worldwide. In a statement, the foreign exchange firm said it is making
"good progress" recovering its systems over 15 days after the first
event.

The firm’s employees have been using pen and paper since the hack, but
should be able to switch on their computers again soon.
The Travelex website, which was taken down immediately after the attack
was launched two weeks ago, is still offline, and the firm has not said
when it will be operational again.

Banks that depend on its foreign exchange services are still unable to
sell travel money online or in store as a result of the attack.

"We continue to make good progress with our recovery and have already
completed a considerable amount in the background," said Travelex boss
Tony D'Souza. "We are now at the point where we are able to start
restoring functionality in our partner and customer services, and will
be giving our partners additional detail on what that will look like
during the course of this week," adding that "There is no evidence to
suggest that customer data has been compromised."

The hackers, thought to be a gang using Sodinokibi, malware also known
as REvil, have told the BBC they gained access to the company's
computer network six months ago and claim to have downloaded 5GB of
sensitive customer data. In August last year, threat analysts at leading
cybersecurity firm Cybereason dubbed Sodinokibi 'The Crown Prince of
Ransomware'.

The hackers are understood to claim that they have dates of birth,
credit card information and national insurance numbers of Travelex
customers all in their possession.

Travelex has started issuing refunds to customers, with its website
still down two weeks after being hit by the cyberattack.
Now Travelex has said it is working closely with the Metropolitan
Police, which is leading the investigation into the attack.
Travelex’s network of branches around the UK is still operational,
and is providing foreign exchange services manually.

