Skip to main content

Hackers demand $6M from largest retail currency dealer in ransomware attack

Travelex is currently dealing with a ransomware attack that’s forced the company to suspend its online services.

Ransomware locks computer systems by encrypting files, with hackers then demanding payment in exchange for a decryption key. In the case of Travelex, hackers are ordering the London-based firm to cough up cash not only for the decryption key, but also to prevent the publication of various customer data that includes payment card information, the Financial Times reported on Tuesday, January 7.

The BBC said hackers claiming to be behind the attack are asking Travelex to pay $6 million to regain control of their systems, though the company is yet to confirm this.

The malware attack on the world’s largest retail currency dealer was discovered on New Year’s Eve, with Travelex publicly confirming the incident on January 3. The hackers told the BBC they accessed the company’s computer systems last summer and downloaded 5GB of customer data, which they are now threatening to expose.

Travelex said last week that when it learned of the incident at the end of December, it immediately took all of its systems offline as “a precautionary measure in order to protect and prevent the spread of the virus.” But the disruption is also preventing partner companies from selling foreign currency online.

In an update released by the company on January 7, Travelex named the malware as Sodinobiki, also commonly referred to as REvil. It said it had “proactively taken steps to contain the spread of the ransomware, which has been successful,” but added that it “does not yet have a complete picture of all the data that has been encrypted” by the hackers.

Despite the hackers’ reported threat to publish customer data if Travelex fails to pay the ransom, the company said it had no evidence yet that any data had been stolen.

Chief executive response

Parts of the Travelex website are still working, but any attempt to make a transaction takes customers to a press release that includes a message from Tony D’Souza, chief executive of Travelex.

In it, D’Souza says: “Our focus is on communicating directly with our partners and customers to protect them and their information from any further compromise. We take very seriously our responsibility to protect the privacy and security of our partner and customers’ data, as well as provide an excellent service to our customers, and we sincerely apologize for the inconvenience caused.”

D’Souza said Travelex is continuing to offer services to its customers on a manual basis and in the meantime will provide alternative customer solutions. “We are working tirelessly to bring our systems back online,” the chief executive added.

The company is currently working with the U.K.’s National Crime Agency and the Metropolitan Police, who are carrying out their own investigations into the incident.

Editors' Recommendations