Skip to main content

Travelex reportedly paid millions to hackers after ransomware attack

Travelex reportedly paid hackers $2.3 million to regain access to its own computer systems after they were compromised in a ransomware attack that was discovered on New Year’s Eve.

Ransomware is malicious software that locks a computer system by encrypting files. Once locked, hackers demand payment from the owner of the system in return for a decryption key to regain access to the data.

The world’s largest foreign-exchange provider paid the money in the form of Bitcoin, according to a source with knowledge of the matter who spoke to the Wall Street Journal. When details of the ransomware attack were made public in early January, reports suggested the hackers were demanding $6 million, a figure substantially higher than what Travelex has apparently paid.

The attack forced Travelex to take its computer systems offline in January, causing huge problems for its global business. While parts of the Travelex website remained operational, online transactions were suspended. The chaos extended to the company’s vast network of foreign exchange kiosks, too, where staff were forced to resort to using pen and paper to record transactions.

It wasn’t until the second half of February that Travelex was able to get its consumer business fully up and running again.

In the Travelex attack, hackers ordered the London-based firm to pay not only for the decryption key, but also to prevent the publication of various customer data that included payment card information, according to a Financial Times report in January.

Travelex earlier revealed that the perpetrators used malicious software called Sodinokibi, also known as REvil or Sodin, to launch its attack.

A group claiming to be behind the crime told the BBC in January that it accessed Travelex’s computer systems in the summer of 2019, downloading 5GB of customer data in the process.

The Journal’s report also notes how U.S. officials are warning companies to be extra careful when setting up home-working computer networks in response to the coronavirus lockdowns, with cybercriminals eager to exploit any security holes that may result.

No one has yet been arrested in connection with the Travelex ransomware attack and investigators are continuing to work on the case.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Hackers target your holiday shopping with new phishing scam
Woman using a laptop next to a latte.

It's easy to get fooled by this new and devious, holiday-themed phishing attack that offers free prizes. But the old caution that “if it sounds too good to be true, it probably is” continues to be proven correct in this case.

What makes this trick so effective is the elaborate methods used to conceal its nefarious purpose and to reassure you, the potential victim, that it’s perfectly OK to proceed. This phishing attack has actually been active since September and is ongoing, targeting holiday shoppers seeking special offers.

Read more
Twitter is reportedly working on paid DMs to celebrities
The Twitter app on the Sony XPeria 5 II.

In what appears to be another effort to help Twitter generate revenue at the start of its Elon Musk era, the social media platform is reportedly working on paid Direct Messaging (DM), with a particular emphasis on those paid messages being sent to celebrities.

On Thursday, The New York Times published a report in which it mentioned that -- according to internal documents it saw and "two people with knowledge of the work" -- that Twitter was working on a paid DM feature that would allow users to send messages to celebrities for a fee. The fee structure for this feature apparently hasn't been officially finalized yet, but The Times did note that it could be "as little as a few dollars per direct message."

Read more
Hackers are infiltrating news websites to spread malware
A black fedora rests on top of newspapers infected with spreading green lines..

Some alarming news broke today that hundreds of U.S. news websites are unwittingly playing a big role in a new malware campaign that's disguised as a Chrome browser update. This is quite a devious attack method since it's considered an important security practice to update your browser as soon as possible.

The way hackers are delivering the malware is also clever. It’s coming via an advertising network that also supplies video content to newspaper websites across the nation. It’s difficult to identify and shut down this attack because it is applied intermittently. According to a tweet by the security research team Threat Insight, the JavaScript code is being changed back and forth from the normal harmless ad delivery script to the one that includes the hacker code that shows a false update alert.

Read more