Skip to main content

Hackers demand $6M from largest retail currency dealer in ransomware attack

Travelex is currently dealing with a ransomware attack that’s forced the company to suspend its online services.

Ransomware locks computer systems by encrypting files, with hackers then demanding payment in exchange for a decryption key. In the case of Travelex, hackers are ordering the London-based firm to cough up cash not only for the decryption key, but also to prevent the publication of various customer data that includes payment card information, the Financial Times reported on Tuesday, January 7.

The BBC said hackers claiming to be behind the attack are asking Travelex to pay $6 million to regain control of their systems, though the company is yet to confirm this.

The malware attack on the world’s largest retail currency dealer was discovered on New Year’s Eve, with Travelex publicly confirming the incident on January 3. The hackers told the BBC they accessed the company’s computer systems last summer and downloaded 5GB of customer data, which they are now threatening to expose.

Travelex said last week that when it learned of the incident at the end of December, it immediately took all of its systems offline as “a precautionary measure in order to protect and prevent the spread of the virus.” But the disruption is also preventing partner companies from selling foreign currency online.

In an update released by the company on January 7, Travelex named the malware as Sodinobiki, also commonly referred to as REvil. It said it had “proactively taken steps to contain the spread of the ransomware, which has been successful,” but added that it “does not yet have a complete picture of all the data that has been encrypted” by the hackers.

Despite the hackers’ reported threat to publish customer data if Travelex fails to pay the ransom, the company said it had no evidence yet that any data had been stolen.

Chief executive response

Parts of the Travelex website are still working, but any attempt to make a transaction takes customers to a press release that includes a message from Tony D’Souza, chief executive of Travelex.

In it, D’Souza says: “Our focus is on communicating directly with our partners and customers to protect them and their information from any further compromise. We take very seriously our responsibility to protect the privacy and security of our partner and customers’ data, as well as provide an excellent service to our customers, and we sincerely apologize for the inconvenience caused.”

D’Souza said Travelex is continuing to offer services to its customers on a manual basis and in the meantime will provide alternative customer solutions. “We are working tirelessly to bring our systems back online,” the chief executive added.

The company is currently working with the U.K.’s National Crime Agency and the Metropolitan Police, who are carrying out their own investigations into the incident.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Hackers used 30,000 computers for record-breaking DDoS attack
An illustration of a grid of devices with one in red, infected device highlighted.

Hackers launched a record-breaking distributed denial of service (DDoS) attack over the weekend, employing a network of botnets to make requests from over 30,000 IP addresses.

While that isn't a big network of computers, the onslaught was able to exceed 71 million requests per second (rps), surpassing the previous record of 46 million rps set in June 2022 by 35%. This is what's known as a volumetric attack that consumes the target website's bandwidth by sending large amounts of data from multiple sources at once.

Read more
Hackers sink to new low by stealing Discord accounts in ransomware attacks
a faceless hacker in a black hoodie in front of a computer screen with lines of code on it.

As if ransomware wasn’t terrifying enough already, hackers are now trying to hold your Discord account hostage, as well as your files. Thankfully, you can grab your Discord back if you act quickly enough.
This new ransomware campaign was recently discovered by leading cybersecurity firm Cyble, and it’s a particularly nasty one. A wave of similar attacks is emerging, including AXLocker, Octocrypt, and Alice. Ransomware encrypts files on the infected computer before demanding that you pay to decrypt your files to regain access.

Something uniquely cruel about AXLocker is that it also copies your Discord token and sends it to the hacker's server, giving them an opportunity to access and steal your Discord account. The malware is sneaky and leaves file names and extensions intact as it encrypts files so you might not notice anything is wrong until you see the ransom note.

Read more
AMD is now more recognizable than Intel
AMD's CEO delivering the Computex 2024 presentation.

While many would assume otherwise, a recent report tells us that AMD is now a more recognizable brand than Intel -- and that's big news for the tech giant. Kantar's BrandZ Most Valuable Brands report ranks AMD at 41, followed by Intel at number 48. Beating its long-standing rival is just one part of the prize for AMD. It also ranked among the top 10 risers in the report, meaning that its brand value increased a lot over the last year.

According to the report, AMD saw massive brand growth since 2023, increasing by 53% year-over-year. Moreover, AMD's brand value reached $51.86 million in the Business Technology and Services Platforms category. It's easy to guess where that intense growth is coming from -- AMD is leaning into AI, just like its rivals Intel and Nvidia have done in recent years.

Read more