Travelex reportedly paid millions to hackers after ransomware attack

Travelex reportedly paid hackers $2.3 million to regain access to its own computer systems after they were compromised in a ransomware attack that was discovered on New Year’s Eve.

Ransomware is malicious software that locks a computer system by encrypting files. Once the system is locked, hackers demand payment from its owner in return for a decryption key to regain access to the data.

The world’s largest foreign-exchange provider paid the money in the form of Bitcoin, according to a source with knowledge of the matter who spoke to the Wall Street Journal. When details of the ransomware attack were made public in early January, reports suggested the hackers were demanding $6 million, a figure substantially higher than what Travelex has apparently paid.

The attack forced Travelex to take its computer systems offline in January, causing huge problems for its global business. While parts of the Travelex website remained operational, online transactions were suspended. The chaos extended to the company’s vast network of foreign exchange kiosks, too, where staff were forced to resort to using pen and paper to record transactions.

It wasn’t until the second half of February that Travelex was able to get its consumer business fully up and running again.

In the Travelex attack, hackers ordered the London-based firm to pay not only for the decryption key, but also to prevent the publication of various customer data that included payment card information, according to a Financial Times report in January.

Travelex earlier revealed that the perpetrators used malicious software called Sodinokibi, also known as REvil or Sodin, to launch their attack.

A group claiming to be behind the crime told the BBC in January that it accessed Travelex’s computer systems in the summer of 2019, downloading 5GB of customer data in the process.

The Journal’s report also notes how U.S. officials are warning companies to be extra careful when setting up home-working computer networks in response to the coronavirus lockdowns, with cybercriminals eager to exploit any security holes that may result.

No one has yet been arrested in connection with the Travelex ransomware attack and investigators are continuing to work on the case.

Trevor Mogg
Contributing Editor